Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#46268 - [jenkins] Cross Site Request Forgery / Code Execution
Attached to Project:
Community Packages
Opened by Christian Rebischke (Shibumi) - Friday, 11 September 2015, 20:46 GMT
Last edited by Jelle van der Waa (jelly) - Monday, 28 March 2016, 09:27 GMT
Details
Hello,
Your package is vulnerable to Cross Site Request Forgery / Code Execution. There is no CVE assigned yet. I will update this bug report when I have more information about this issue.
Best regards,
Christian Rebischke (Archlinux CVE-Monitoring Team)
References
==========
http://seclists.org/bugtraq/2015/Aug/161
Closed by Jelle van der Waa (jelly)
Monday, 28 March 2016, 09:27 GMT
Reason for closing: Fixed
Additional comments about closing: https://jenkins.io/blog/2015/11/06/mitigating-unauthenticated-remote-code-execution-0-day-in-jenkins-cli/ Issue was resolved in 1.638