FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  363776
Date:      2014-08-02
Time:      02:34:44Z
Committer: jhale

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
9448a82f-6878-11e1-865f-00e0814cab4ejenkins -- XSS vulnerability

Jenkins Security Advisory reports:

An XSS vulnerability was found in Jenkins core, which allows an attacker to inject malicious HTMLs to pages served by Jenkins. This allows an attacker to escalate his privileges by hijacking sessions of other users. This vulnerability affects all versions.


Discovery 2012-03-05
Entry 2012-03-07
jenkins
lt 1.453

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-03-05
d846af5b-00f4-11e2-b6d0-00e0814cab4ejenkins -- multiple vulnerabilities

Jenkins Security Advisory reports:

This advisory announces security vulnerabilities that were found in Jenkins core and several plugins.

  1. The first vulnerability in Jenkins core allows unprivileged users to insert data into Jenkins master, which can lead to remote code execution. For this vulnerability to be exploited, the attacker must have an HTTP access to a Jenkins master, and he must have a read access to Jenkins.
  2. The second vulnerability in Jenkins core is a cross-site scripting vulnerability. This allows an attacker to craft an URL that points to Jenkins, and if a legitimate user clicks this link, and the attacker will be able to hijack the user session.
  3. The third vulnerability is a cross-site scripting vulnerability in the Violations plugin
  4. The fourth vulnerability is a cross-site scripting vulnerability in The Continuous Integration Game plugin

Discovery 2012-09-17
Entry 2012-09-17
jenkins
lt 1.482

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-09-17
9448a82f-6878-11e1-865f-00e0814cab4ejenkins -- XSS vulnerability

Jenkins Security Advisory reports:

An XSS vulnerability was found in Jenkins core, which allows an attacker to inject malicious HTMLs to pages served by Jenkins. This allows an attacker to escalate his privileges by hijacking sessions of other users. This vulnerability affects all versions.


Discovery 2012-03-05
Entry 2012-03-07
jenkins
lt 1.453

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-03-05