FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID    Description
9bad457e-b396-4452-8773-15bec67e1ceb    jenkins -- Jenkins core bundles vulnerable version of the commons-httpclient library

Jenkins Security Advisory:

Description

(Medium) SECURITY-2475 / CVE-2014-3577

Jenkins core bundles vulnerable version of the commons-httpclient library


Discovery 2021-10-06
Entry 2021-10-07
jenkins < 2.315
jenkins-lts < 2.303.2

CVE-2014-3577
https://www.jenkins.io/security/advisory/2021-10-06/

c2a89e8f-44e9-11ed-9215-00e081b7aa2d    jenkins -- XSS vulnerability

Jenkins Security Advisory:

Description

(High) SECURITY-2886 / CVE-2022-41224

Jenkins 2.367 through 2.369 (both inclusive) does not escape tooltips of the l:helpIcon UI component used for some help icons on the Jenkins web UI.

This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control tooltips for this component.

Jenkins 2.370 escapes tooltips of the l:helpIcon UI component.


Discovery 2022-09-21
Entry 2022-10-05
Modified 2022-10-07
jenkins < 2.370

CVE-2022-41224
https://www.jenkins.io/security/advisory/2022-09-21/

0b0ad196-1ee8-4a98-89b1-4d5d82af49a9    jenkins -- DoS vulnerability in bundled XStream library

Jenkins Security Advisory:

Description

(Medium) SECURITY-2602 / CVE-2021-43859 (upstream issue), CVE-2022-0538 (Jenkins-specific converters)

DoS vulnerability in bundled XStream library


Discovery 2022-02-09
Entry 2022-02-10
jenkins < 2.334
jenkins-lts < 2.319.3

CVE-2021-43859
CVE-2022-0538
https://www.jenkins.io/security/advisory/2022-02-09/

25be46f0-f25d-11ec-b62a-00e081b7aa2d    jenkins -- multiple vulnerabilities

Jenkins Security Advisory:

Description

(High) SECURITY-2781 / CVE-2022-34170 (SECURITY-2779), CVE-2022-34171 (SECURITY-2761), CVE-2022-34172 (SECURITY-2776), CVE-2022-34173 (SECURITY-2780)

Multiple XSS vulnerabilities

(Medium) SECURITY-2566 / CVE-2022-34174

Observable timing discrepancy allows determining username validity

(Medium) SECURITY-2777 / CVE-2022-34175

Unauthorized view fragment access


Discovery 2022-06-22
Entry 2022-06-22
jenkins < 2.356
jenkins-lts < 2.346.1

CVE-2022-34170
CVE-2022-34171
CVE-2022-34172
CVE-2022-34173
CVE-2022-34174
CVE-2022-34175
https://www.jenkins.io/security/advisory/2022-06-22/

2bf56269-90f8-4a82-b82f-c0e289f2a0dc    jenkins -- multiple vulnerabilities

Jenkins Security Advisory:

Description

(Critical) SECURITY-2455 / CVE-2021-21685, CVE-2021-21686, CVE-2021-21687, CVE-2021-21688, CVE-2021-21689, CVE-2021-21690, CVE-2021-21691, CVE-2021-21692, CVE-2021-21693, CVE-2021-21694, CVE-2021-21695

Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control

(High) SECURITY-2423 / CVE-2021-21696

Agent-to-controller access control allowed writing to sensitive directory used by Pipeline: Shared Groovy Libraries Plugin

(High) SECURITY-2428 / CVE-2021-21697

Agent-to-controller access control allows reading/writing most content of build directories

(Medium) SECURITY-2506 / CVE-2021-21698

Path traversal vulnerability in Subversion Plugin allows reading arbitrary files


Discovery 2021-11-04
Entry 2021-11-04
jenkins < 2.319
jenkins-lts < 2.303.3

CVE-2021-21685
CVE-2021-21686
CVE-2021-21687
CVE-2021-21688
CVE-2021-21689
CVE-2021-21690
CVE-2021-21691
CVE-2021-21692
CVE-2021-21693
CVE-2021-21694
CVE-2021-21695
CVE-2021-21696
CVE-2021-21697
CVE-2021-21698
https://www.jenkins.io/security/advisory/2021-11-04/

9d271bab-da22-11eb-86f0-94c691a700a6    jenkins -- multiple vulnerabilities

Jenkins Security Advisory:

Description

(Medium) SECURITY-2278 / CVE-2021-21670

Improper permission checks allow canceling queue items and aborting builds

(High) SECURITY-2371 / CVE-2021-21671

Session fixation vulnerability


Discovery 2021-06-30
Entry 2021-07-01
jenkins < 2.300
jenkins-lts < 2.289.2

CVE-2021-21670
CVE-2021-21671
https://www.jenkins.io/security/advisory/2021-06-30/

9595d002-edeb-4602-be2d-791cd654247e    jenkins -- multiple vulnerabilities

Jenkins Security Advisory:

Description

(Low) SECURITY-1721 / CVE-2021-21639

Lack of type validation in agent related REST API

(Medium) SECURITY-1871 / CVE-2021-21640

View name validation bypass


Discovery 2021-04-07
Entry 2021-04-08
jenkins < 2.287
jenkins-lts < 2.277.2

https://www.jenkins.io/security/advisory/2021-04-07/

e358b470-b37d-4e47-bc8a-2cd9adbeb63c    jenkins -- Denial of service vulnerability in bundled Jetty

Jenkins Security Advisory:

Description

(High) JENKINS-65280 / CVE-2021-28165

Denial of service vulnerability in bundled Jetty


Discovery 2021-04-20
Entry 2021-04-20
jenkins < 2.286
jenkins-lts < 2.277.3

https://www.jenkins.io/security/advisory/2021-04-20/
CVE-2021-28165

672eeea9-a070-4f88-b0f1-007e90a2cbc3    jenkins -- multiple vulnerabilities

Jenkins Security Advisory:

Description

(Medium) SECURITY-2558 / CVE-2022-20612

CSRF vulnerability in build triggers


Discovery 2022-01-12
Entry 2022-01-12
jenkins < 2.330
jenkins-lts < 2.319.2

CVE-2022-20612
https://www.jenkins.io/security/advisory/2022-01-12/