diff options
author | Li-Wen Hsu <lwhsu@FreeBSD.org> | 2018-12-05 09:33:15 +0000 |
---|---|---|
committer | Li-Wen Hsu <lwhsu@FreeBSD.org> | 2018-12-05 09:33:15 +0000 |
commit | 482af6af5c49f424c818533248f9b00bfdfa6c3b (patch) | |
tree | 8a62ff489a4923494eff78d5b5e27f603373566d /security | |
parent | 76063b23a01cc0428dde420ccd3ec65b4248c7b6 (diff) | |
download | ports-482af6af5c49f424c818533248f9b00bfdfa6c3b.tar.gz ports-482af6af5c49f424c818533248f9b00bfdfa6c3b.zip |
Document Jenkins Security Advisory 2018-12-05
Sponsored by: The FreeBSD Foundation
Notes
Notes:
svn path=/head/; revision=486656
Diffstat (limited to 'security')
-rw-r--r-- | security/vuxml/vuln.xml | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index b3e73cc92f6e..4ff1b265d7fb 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,43 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="3aa27226-f86f-11e8-a085-3497f683cb16"> + <topic>jenkins -- multiple vulnerabilities</topic> + <affects> + <package> + <name>jenkins</name> + <range><lt>2.154</lt></range> + </package> + <package> + <name>jenkins-lts</name> + <range><lt>2.138.3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Jenkins Security Advisory:</p> + <blockquote cite="https://jenkins.io/security/advisory/2018-12-05/"> + <h1>Description</h1> + <h5>(Critical) SECURITY-595</h5> + <p>Code execution through crafted URLs</p> + <h5>(Medium) SECURITY-904</h5> + <p>Forced migration of user records</p> + <h5>(Medium) SECURITY-1072</h5> + <p>Workspace browser allowed accessing files outside the workspace</p> + <h5>(Medium) SECURITY-1193</h5> + <p>Potential denial of service through cron expression form validation</p> + </blockquote> + </body> + </description> + <references> + <url>https://jenkins.io/security/advisory/2018-12-05/</url> + </references> + <dates> + <discovery>2018-12-05</discovery> + <entry>2018-12-05</entry> + </dates> + </vuln> + <vuln vid="889e35f4-f6a0-11e8-82dc-fcaa147e860e"> <topic>moodle -- Login CSRF vulnerability</topic> <affects> |