FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-29 10:45:39 UTC

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description
8b03d274-56ca-489e-821a-cf32f07643f0 | jenkins -- multiple vulnerabilities

Jenkins Security Advisory:

Description

(Critical) SECURITY-3314 / CVE-2024-23897

Arbitrary file read vulnerability through the CLI can lead to RCE

(High) SECURITY-3315 / CVE-2024-23898

Cross-site WebSocket hijacking vulnerability in the CLI


Discovery 2024-01-24
Entry 2024-01-24
jenkins < 2.422
jenkins-lts < 2.426.3

CVE-2024-23897
CVE-2024-23898
https://www.jenkins.io/security/advisory/2024-01-24/

402fccd0-5b6d-11ee-9898-00e081b7aa2d | jenkins -- multiple vulnerabilities

Jenkins Security Advisory:

Description

(Medium) SECURITY-3261 / CVE-2023-43494

Builds can be filtered by values of sensitive build variables

(High) SECURITY-3245 / CVE-2023-43495

Stored XSS vulnerability

(High) SECURITY-3072 / CVE-2023-43496

Temporary plugin file created with insecure permissions

(Low) SECURITY-3073 / CVE-2023-43497 (Stapler), CVE-2023-43498 (MultipartFormDataParser)

Temporary uploaded file created with insecure permissions


Discovery 2023-09-20
Entry 2023-09-25
jenkins < 2.424
jenkins-lts < 2.414.2

CVE-2023-43494
CVE-2023-43495
CVE-2023-43496
CVE-2023-43497
https://www.jenkins.io/security/advisory/2023-09-20/

1ee26d45-6ddb-11ee-9898-00e081b7aa2d | jenkins -- HTTP/2 denial of service vulnerability in bundled Jetty

Jenkins Security Advisory:

Description

(High) SECURITY-3291 / CVE-2023-36478, CVE-2023-44487

HTTP/2 denial of service vulnerability in bundled Jetty


Discovery 2023-10-18
Entry 2023-10-18
jenkins < 2.428
jenkins-lts < 2.414.3

CVE-2023-36478
CVE-2023-44487
https://www.jenkins.io/security/advisory/2023-10-18/

b4db7d78-bb62-4f4c-9326-6e9fc2ddd400 | jenkins -- CSRF protection bypass vulnerability

Jenkins Security Advisory:

Description

(High) SECURITY-3135 / CVE-2023-35141

CSRF protection bypass vulnerability


Discovery 2023-06-14
Entry 2023-06-14
jenkins < 2.400
jenkins-lts < 2.401.1

CVE-2023-35141
https://www.jenkins.io/security/advisory/2023-06-14/

a0321b74-031d-485c-bb76-edd75256a6f0 | jenkins -- Stored XSS vulnerability

Jenkins Security Advisory:

Description

(High) SECURITY-3188 / CVE-2023-39151

Stored XSS vulnerability


Discovery 2023-07-26
Entry 2023-07-26
jenkins < 2.416
jenkins-lts < 2.401.3

CVE-2023-39151
https://www.jenkins.io/security/advisory/2023-07-26/

f68bb358-be8e-11ed-9215-00e081b7aa2d | jenkins -- multiple vulnerabilities

Jenkins Security Advisory:

Description

(High) SECURITY-3037 / CVE-2023-27898

XSS vulnerability in plugin manager

(Medium) SECURITY-3030 / CVE-2023-24998 (upstream issue), CVE-2023-27900 (MultipartFormDataParser), CVE-2023-27901 (StaplerRequest)

DoS vulnerability in bundled Apache Commons FileUpload library

(Medium) SECURITY-1807 / CVE-2023-27902

Workspace temporary directories accessible through directory browser

(Low) SECURITY-3058 / CVE-2023-27903

Temporary file parameter created with insecure permissions

(Low) SECURITY-2120 / CVE-2023-27904

Information disclosure through error stack traces related to agents


Discovery 2023-03-08
Entry 2023-03-09
jenkins < 2.394
jenkins-lts < 2.387.1

CVE-2023-27898
CVE-2023-24998
CVE-2023-27900
CVE-2023-27901
CVE-2023-27902
CVE-2023-27903
CVE-2023-27904
https://www.jenkins.io/security/advisory/2023-03-08/