FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  566651
Date:      2021-02-27
Time:      01:49:47Z
Committer: swills

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
8e9c3f5a-715b-4336-8d05-19babef55e9ejenkins -- multiple vulnerabilities

Jenkins Security Advisory:

Description

(Medium) SECURITY-1289

Jenkins accepted cached legacy CLI authentication

(Medium) SECURITY-1327

XSS vulnerability in form validation button


Discovery 2019-04-10
Entry 2019-04-10
jenkins
lt 2.172

jenkins-lts
lt 2.164.2

https://jenkins.io/security/advisory/2019-04-10/
df3db21d-1a4d-4c78-acf7-4639e5a795e0jenkins -- multiple vulnerabilities

Jenkins Security Advisory:

Description

(Medium) SECURITY-1424 / CVE-2019-10352

Arbitrary file write vulnerability using file parameter definitions

(High) SECURITY-626 / CVE-2019-10353

CSRF protection tokens did not expire

(Medium) SECURITY-534 / CVE-2019-10354

Unauthorized view fragment access


Discovery 2019-07-17
Entry 2019-07-17
jenkins
lt 2.186

jenkins-lts
lt 2.176.2

CVE-2019-10352
CVE-2019-10353
CVE-2019-10354
https://jenkins.io/security/advisory/2019-07-17/
3aa27226-f86f-11e8-a085-3497f683cb16jenkins -- multiple vulnerabilities

Jenkins Security Advisory:

Description

(Critical) SECURITY-595

Code execution through crafted URLs

(Medium) SECURITY-904

Forced migration of user records

(Medium) SECURITY-1072

Workspace browser allowed accessing files outside the workspace

(Medium) SECURITY-1193

Potential denial of service through cron expression form validation


Discovery 2018-12-05
Entry 2018-12-05
jenkins
lt 2.154

jenkins-lts
lt 2.138.3

https://jenkins.io/security/advisory/2018-12-05/
7a7891fc-6318-447a-ba45-31d525ec11a0jenkins -- multiple vulnerabilities

Jenkins Security Advisory:

Description

(Medium) SECURITY-1453 / CVE-2019-10383

Stored XSS vulnerability in update center

(High) SECURITY-1491 / CVE-2019-10384

CSRF protection tokens for anonymous users did not expire in some circumstances


Discovery 2019-08-28
Entry 2019-08-28
jenkins
le 2.191

jenkins-lts
le 2.176.2

CVE-2019-10383
CVE-2019-10384
https://jenkins.io/security/advisory/2019-08-28/
09ea1b08-1d3e-4bf2-91a1-d6573f4da3d8jenkins -- Buffer corruption in bundled Jetty

Jenkins Security Advisory:

Description

(Critical) SECURITY-1983 / CVE-2019-17638

Buffer corruption in bundled Jetty


Discovery 2020-08-17
Entry 2020-08-17
jenkins
lt 2.243

jenkins-lts
lt 2.235.5

CVE-2019-17638
https://www.jenkins.io/security/advisory/2020-08-17/
debf6353-5753-4e9a-b710-a83ecdd743dejenkins -- multiple vulnerabilities

Jenkins Security Advisory:

Description

(High) SECURITY-868

Administrators could persist access to Jenkins using crafted 'Remember me' cookie

(Medium) SECURITY-901

Deleting a user in an external security realm did not invalidate their session or 'Remember me' cookie


Discovery 2019-01-16
Entry 2019-01-16
jenkins
lt 2.160

jenkins-lts
lt 2.150.2

https://jenkins.io/security/advisory/2019-01-16/
6905f05f-a0c9-11e8-8335-8c164535ad80jenkins -- multiple vulnerabilities

Jenkins Security Advisory:

Description

(Low) SECURITY-637

Jenkins allowed deserialization of URL objects with host components

(Medium) SECURITY-672

Ephemeral user record was created on some invalid authentication attempts

(Medium) SECURITY-790

Cron expression form validation could enter infinite loop, potentially resulting in denial of service

(Low) SECURITY-996

"Remember me" cookie was evaluated even if that feature is disabled

(Medium) SECURITY-1071

Unauthorized users could access agent logs

(Low) SECURITY-1076

Unauthorized users could cancel scheduled restarts initiated from the update center


Discovery 2018-08-15
Entry 2018-08-15
jenkins
lt 2.138

jenkins-lts
lt 2.121.3

https://jenkins.io/security/advisory/2018-08-15/
3350275d-cd5a-11e8-a7be-3497f683cb16jenkins -- multiple vulnerabilities

Jenkins Security Advisory:

Description

(Low) SECURITY-867

Path traversal vulnerability in Stapler allowed accessing internal data

(Medium) SECURITY-1074

Arbitrary file write vulnerability using file parameter definitions

(Medium) SECURITY-1129

Reflected XSS vulnerability

(Medium) SECURITY-1162

Ephemeral user record was created on some invalid authentication attempts

(Medium) SECURITY-1128

Ephemeral user record creation

(Medium) SECURITY-1158

Session fixation vulnerability on user signup

(Medium) SECURITY-765

Failures to process form submission data could result in secrets being displayed or written to logs


Discovery 2018-10-10
Entry 2018-10-11
jenkins
lt 2.146

jenkins-lts
lt 2.138.2

https://jenkins.io/security/advisory/2018-10-10/
9720bb39-f82a-402f-9fe4-e2c875bdda83jenkins -- multiple vulnerabilities

Jenkins Security Advisory:

Description

(Medium) SECURITY-1498 / CVE-2019-10401

Stored XSS vulnerability in expandable textbox form control

(Medium) SECURITY-1525 / CVE-2019-10402

XSS vulnerability in combobox form control

(Medium) SECURITY-1537 (1) / CVE-2019-10403

Stored XSS vulnerability in SCM tag action tooltip

(Medium) SECURITY-1537 (2) / CVE-2019-10404

Stored XSS vulnerability in queue item tooltip

(Medium) SECURITY-1505 / CVE-2019-10405

Diagnostic web page exposed Cookie HTTP header

(Medium) SECURITY-1471 / CVE-2019-10406

XSS vulnerability in Jenkins URL setting


Discovery 2019-09-25
Entry 2019-09-25
jenkins
le 2.196

jenkins-lts
le 2.176.3

CVE-2019-10401
CVE-2019-10402
CVE-2019-10403
CVE-2019-10404
CVE-2019-10405
CVE-2019-10406
https://jenkins.io/security/advisory/2019-09-25/
a250539d-d1d4-4591-afd3-c8bdfac335d8jenkins -- multiple vulnerabilities

Jenkins Security Advisory:

Description

(High) SECURITY-1682 / CVE-2020-2099

Inbound TCP Agent Protocol/3 authentication bypass

(Medium) SECURITY-1641 / CVE-2020-2100

Jenkins vulnerable to UDP amplification reflection attack

(Medium) SECURITY-1659 / CVE-2020-2101

Non-constant time comparison of inbound TCP agent connection secret

(Medium) SECURITY-1660 / CVE-2020-2102

Non-constant time HMAC comparison

(Medium) SECURITY-1695 / CVE-2020-2103

Diagnostic page exposed session cookies

(Medium) SECURITY-1650 / CVE-2020-2104

Memory usage graphs accessible to anyone with Overall/Read

(Low) SECURITY-1704 / CVE-2020-2105

Jenkins REST APIs vulnerable to clickjacking

(Medium) SECURITY-1680 / CVE-2020-2106

Stored XSS vulnerability in Code Coverage API Plugin

(Medium) SECURITY-1565 / CVE-2020-2107

Fortify Plugin stored credentials in plain text

(High) SECURITY-1719 / CVE-2020-2108

XXE vulnerability in WebSphere Deployer Plugin


Discovery 2020-01-29
Entry 2020-01-29
jenkins
le 2.219

jenkins-lts
le 2.204.2

CVE-2020-2099
CVE-2020-2100
CVE-2020-2101
CVE-2020-2102
CVE-2020-2103
CVE-2020-2104
CVE-2020-2105
CVE-2020-2106
CVE-2020-2107
CVE-2020-2108
https://jenkins.io/security/advisory/2020-01-29/
d6f76976-e86d-4f9a-9362-76c849b10db2jenkins -- multiple vulnerabilities

Jenkins Security Advisory:

Description

(Medium) SECURITY-1452 / CVE-2021-21602

Arbitrary file read vulnerability in workspace browsers

(High) SECURITY-1889 / CVE-2021-21603

XSS vulnerability in notification bar

(High) SECURITY-1923 / CVE-2021-21604

Improper handling of REST API XML deserialization errors

(High) SECURITY-2021 / CVE-2021-21605

Path traversal vulnerability in agent names

(Medium) SECURITY-2023 / CVE-2021-21606

Arbitrary file existence check in file fingerprints

(Medium) SECURITY-2025 / CVE-2021-21607

Excessive memory allocation in graph URLs leads to denial of service

(High) SECURITY-2035 / CVE-2021-21608

Stored XSS vulnerability in button labels

(Low) SECURITY-2047 / CVE-2021-21609

Missing permission check for paths with specific prefix

(High) SECURITY-2153 / CVE-2021-21610

Reflected XSS vulnerability in markup formatter preview

(High) SECURITY-2171 / CVE-2021-21611

Stored XSS vulnerability on new item page


Discovery 2021-01-13
Entry 2021-01-13
jenkins
lt 2.275

jenkins-lts
lt 2.263.2

https://www.jenkins.io/security/advisory/2021-01-13/
1ddab5cb-14c9-4632-959f-802c412a9593jenkins -- multiple vulnerabilities

Jenkins Security Advisory:

Description

(High) SECURITY-1868 / CVE-2020-2220

Stored XSS vulnerability in job build time trend

(High) SECURITY-1901 / CVE-2020-2221

Stored XSS vulnerability in upstream cause

(High) SECURITY-1902 / CVE-2020-2222

Stored XSS vulnerability in 'keep forever' badge icons

(High) SECURITY-1945 / CVE-2020-2223

Stored XSS vulnerability in console links


Discovery 2020-07-15
Entry 2020-07-15
jenkins
lt 2.245

jenkins-lts
lt 2.235.2

CVE-2020-2220
CVE-2020-2221
CVE-2020-2222
CVE-2020-2223
https://www.jenkins.io/security/advisory/2020-07-15/
5bf6ed6d-9002-4f43-ad63-458f59e45384jenkins -- multiple vulnerabilities

Jenkins Security Advisory:

Description

(High) SECURITY-1774 / CVE-2020-2160

CSRF protection for any URL could be bypassed

(Medium) SECURITY-1781 / CVE-2020-2161

Stored XSS vulnerability in label expression validation

(Medium) SECURITY-1793 / CVE-2020-2162

Stored XSS vulnerability in file parameters

(Medium) SECURITY-1796 / CVE-2020-2163

Stored XSS vulnerability in list view column headers


Discovery 2020-03-25
Entry 2020-03-25
jenkins
le 2.227

jenkins-lts
le 2.204.5

CVE-2020-2160
CVE-2020-2161
CVE-2020-2162
CVE-2020-2163
https://jenkins.io/security/advisory/2020-03-25/
eef0d2d9-78c0-441e-8b03-454c5baebe20jenkins -- multiple vulnerabilities

Jenkins Security Advisory:

Description

(High) SECURITY-1955 / CVE-2020-2229

Stored XSS vulnerability in help icons

(High) SECURITY-1957 / CVE-2020-2230

Stored XSS vulnerability in project naming strategy

(High) SECURITY-1960 / CVE-2020-2231

Stored XSS vulnerability in 'Trigger builds remotely'


Discovery 2020-08-12
Entry 2020-08-12
jenkins
lt 2.252

jenkins-lts
lt 2.235.4

CVE-2020-2229
CVE-2020-2230
CVE-2020-2231
https://www.jenkins.io/security/advisory/2020-08-12/