FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  366223
Date:      2014-08-26
Time:      16:36:41Z
Committer: rene

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
7fe5b84a-78eb-11e2-8441-00e0814cab4ejenkins -- multiple vulnerabilities

Jenkins Security Advisory reports:

This advisory announces multiple security vulnerabilities that were found in Jenkins core.

  1. One of the vulnerabilities allows cross-site request forgery (CSRF) attacks on Jenkins master, which causes an user to make unwanted actions on Jenkins. Another vulnerability enables cross-site scripting (XSS) attacks, which has the similar consequence. Another vulnerability allowed an attacker to bypass the CSRF protection mechanism in place, thereby mounting more CSRF attackes. These attacks allow an attacker without direct access to Jenkins to mount an attack.
  2. In the fourth vulnerability, a malicious user of Jenkins can trick Jenkins into building jobs that he does not have direct access to.
  3. And lastly, a vulnerability allows a malicious user of Jenkins to mount a denial of service attack by feeding a carefully crafted payload to Jenkins.

Discovery 2013-02-16
Entry 2013-02-17
jenkins
lt 1.501

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16
622e14b1-b40c-11e2-8441-00e0814cab4ejenkins -- multiple vulnerabilities

Jenkins Security Advisory reports:

This advisory announces multiple security vulnerabilities that were found in Jenkins core.

  1. SECURITY-63 / CVE-2013-2034

    This creates a cross-site request forgery (CSRF) vulnerability on Jenkins master, where an anonymous attacker can trick an administrator to execute arbitrary code on Jenkins master by having him open a specifically crafted attack URL.

    There's also a related vulnerability where the permission check on this ability is done imprecisely, which may affect those who are running Jenkins instances with a custom authorization strategy plugin.

  2. SECURITY-67 / CVE-2013-2033

    This creates a cross-site scripting (XSS) vulnerability, where an attacker with a valid user account on Jenkins can execute JavaScript in the browser of other users, if those users are using certain browsers.

  3. SECURITY-69 / CVE-2013-2034

    This is another CSRF vulnerability that allows an attacker to cause a deployment of binaries to Maven repositories. This vulnerability has the same CVE ID as SEUCRITY-63.

  4. SECURITY-71 / CVE-2013-1808

    This creates a cross-site scripting (XSS) vulnerability.


Discovery 2013-05-02
Entry 2013-05-03
jenkins
lt 1.514

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-05-02
CVE-2013-2034
CVE-2013-2033
CVE-2013-2034
CVE-2013-1808