author | lwhsu <lwhsu@FreeBSD.org> | 2013-05-04 00:26:19 +0800 |
---|---|---|
committer | lwhsu <lwhsu@FreeBSD.org> | 2013-05-04 00:26:19 +0800 |
commit | b12ec3b00a29e397ac62eed1fbddebdb027ef9ed (patch) | |
tree | 2edea2359c0da33e522026d91e9db309042f8002 /security | |
parent | 412cdc6db2e8e4abfb06dbbdbfb1f8f39896cccd (diff) | |
download | freebsd-ports-gnome-b12ec3b00a29e397ac62eed1fbddebdb027ef9ed.tar.gz freebsd-ports-gnome-b12ec3b00a29e397ac62eed1fbddebdb027ef9ed.tar.zst freebsd-ports-gnome-b12ec3b00a29e397ac62eed1fbddebdb027ef9ed.zip |
Document Jenkins Security Advisory 2013-05-02
Diffstat (limited to 'security')
-rw-r--r-- | security/vuxml/vuln.xml | 56 |
1 files changed, 56 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 93759eed999e..5f3e37597f0a 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml 
@@ -51,6 +51,62 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="622e14b1-b40c-11e2-8441-00e0814cab4e"> + <topic>jenkins -- multiple vulnerabilities</topic> + <affects> + <package> + <name>jenkins</name> + <range><lt>1.514</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Jenkins Security Advisory reports:</p> + <blockquote cite="https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-05-02"> + <p>This advisory announces multiple security vulnerabilities that + were found in Jenkins core.</p> + <ol> + <li> + <p>SECURITY-63 / CVE-2013-2034</p> + <p>This creates a cross-site request forgery (CSRF) vulnerability + on Jenkins master, where an anonymous attacker can trick an + administrator to execute arbitrary code on Jenkins master by + having him open a specifically crafted attack URL.</p> + <p>There's also a related vulnerability where the permission + check on this ability is done imprecisely, which may affect + those who are running Jenkins instances with a custom + authorization strategy plugin.</p> + </li> + <li> + <p>SECURITY-67 / CVE-2013-2033</p> + <p>This creates a cross-site scripting (XSS) vulnerability, where + an attacker with a valid user account on Jenkins can execute + JavaScript in the browser of other users, if those users are + using certain browsers.</p> + </li> + <li> + <p>SECURITY-69 / CVE-2013-2034</p> + <p>This is another CSRF vulnerability that allows an attacker to + cause a deployment of binaries to Maven repositories. 
This + vulnerability has the same CVE ID as SEUCRITY-63.</p> + </li> + <li> + <p>SECURITY-71 / CVE-2013-1808</p> + <p>This creates a cross-site scripting (XSS) vulnerability.</p> + </li> + </ol> + </blockquote> + </body> + </description> + <references> + <url>https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-05-02</url> + </references> + <dates> + <discovery>2013-05-02</discovery> + <entry>2013-05-03</entry> + </dates> + </vuln> + <vuln vid="e66a6e2f-b0d5-11e2-9164-0016e6dcb562"> <topic>FreeBSD -- NFS remote denial of service</topic> <affects> |
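Review bot: the `<references>` block lists only the advisory `<url>`, while the description names three CVE IDs (CVE-2013-2034, CVE-2013-2033 and CVE-2013-1808); VuXML's `<cvename>` element is what lets the entry be cross-referenced by CVE, so add `<cvename>CVE-2013-1808</cvename>`, `<cvename>CVE-2013-2033</cvename>` and `<cvename>CVE-2013-2034</cvename>` alongside the `<url>` line (one `<cvename>` per ID; the same CVE-2013-2034 covers both SECURITY-63 and SECURITY-69, so it is listed once). The SECURITY-69 paragraph also reads "SEUCRITY-63", a typo for SECURITY-63 unless the advisory text is being reproduced verbatim inside the `<blockquote>`; if it is a transcription error, fix it before commit since this text is shown to users by the audit tooling.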