author | lwhsu <lwhsu@FreeBSD.org> | 2013-01-08 13:18:14 +0800 |
---|---|---|
committer | lwhsu <lwhsu@FreeBSD.org> | 2013-01-08 13:18:14 +0800 |
commit | d70ea58a030483951310ff6cd284810c725deabb (patch) | |
tree | 0b8707fb4620892b1d8871678f46e8006d58641e /security/vuxml | |
parent | a5619cba9104ffd09a54c4ce8be6a2606fb7935e (diff) | |
Document Jenkins 2013-01-04 Security Advisory
Diffstat (limited to 'security/vuxml')
-rw-r--r-- | security/vuxml/vuln.xml | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 14dc1abce809..b2e831b9d7b8 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -51,6 +51,45 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="3a65d33b-5950-11e2-b66b-00e0814cab4e"> + <topic>jenkins -- HTTP access to the server to retrieve the master cryptographic key</topic> + <affects> + <package> + <name>jenkins</name> + <range><lt>1.498</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Jenkins Security Advisory reports:</p> + <blockquote cite="https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-01-04"> + <p>This advisory announces a security vulnerability that was found + in Jenkins core.</p> + <p>An attacker can then use this master cryptographic key to mount + remote code execution attack against the Jenkins master, or + impersonate arbitrary users in making REST API calls.</p> + <p>There are several factors that mitigate some of these problems + that may apply to specific installations.</p> + <ul> + <li>The particular attack vector is only applicable on Jenkins + instances that have slaves attached to them, and allow + anonymous read access.</li> + <li>Jenkins allows users to re-generate the API tokens. Those + re-generated API tokens cannot be impersonated by the + attacker.</li> + </ul> + </blockquote> + </body> + </description> + <references> + <url>https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-01-04</url> + </references> + <dates> + <discovery>2013-01-04</discovery> + <entry>2013-01-08</entry> + </dates> + </vuln> + <vuln vid="1b769b72-582b-11e2-b66b-00e0814cab4e"> <topic>django -- multiple vulnerabilities</topic> <affects> |
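Review bot: In the `<blockquote>` of the new jenkins entry, the second paragraph ("An attacker can then use this master cryptographic key ...") has no antecedent. The advisory sentence that says how the key is obtained is not quoted, so the description never states the flaw itself and only the `<topic>` hints at it. Quote the advisory's sentence describing the exposure ahead of that paragraph, or mark the omission explicitly, so the entry is understandable without following the link. The `<references>` block also carries only the advisory `<url>`; if a CVE identifier has been assigned, add a `<cvename>` element so the entry can be correlated with other advisories.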