FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-25 11:22:49 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
06ab7724-0fd7-427e-a5ce-fe436302b10c	jenkins -- multiple vulnerabilities Jenkins developers report: The agent to master security subsystem ensures that the Jenkins master is protected from maliciously configured agents. A path traversal vulnerability allowed agents to escape whitelisted directories to read and write to files they should not be able to access. Black Duck Hub Plugin's API endpoint was affected by an XML External Entity (XXE) processing vulnerability. This allowed an attacker with Overall/Read access to have Jenkins parse a maliciously crafted file that uses external entities for extraction of secrets from the Jenkins master, server-side request forgery, or denial-of-service attacks. Several other lower severity issues were reported, see reference url for details. Discovery 2018-05-09 Entry 2018-05-10 jenkins le 2.120 jenkins-lts le 2.107.2 https://jenkins.io/security/advisory/2018-05-09/

VuXML ID

Description

06ab7724-0fd7-427e-a5ce-fe436302b10c

jenkins -- multiple vulnerabilities

Jenkins developers report:

The agent to master security subsystem ensures that the Jenkins master is protected from maliciously configured agents. A path traversal vulnerability allowed agents to escape whitelisted directories to read and write to files they should not be able to access.

Black Duck Hub Plugin's API endpoint was affected by an XML External Entity (XXE) processing vulnerability. This allowed an attacker with Overall/Read access to have Jenkins parse a maliciously crafted file that uses external entities for extraction of secrets from the Jenkins master, server-side request forgery, or denial-of-service attacks.

Several other lower severity issues were reported, see reference url for details.

Discovery 2018-05-09
Entry 2018-05-10
jenkins

le 2.120

jenkins-lts

le 2.107.2

https://jenkins.io/security/advisory/2018-05-09/