Bug 568030 - <dev-utils/jenkins-bin-{1.641,1.625.3}: Multiple vulnerabilities
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://wiki.jenkins-ci.org/display/S...
Whiteboard: ~3 [noglsa]
Reported: 2015-12-11 21:39 UTC by Manuel Rüger (RETIRED)
Modified: 2015-12-12 12:00 UTC

Description Manuel Rüger (RETIRED) gentoo-dev 2015-12-11 21:39:53 UTC
SECURITY-95 is considered medium as it allows low-privilege users to perform limited XSS in certain configurations.
SECURITY-225 is considered high as it allows unprivileged attackers to perform some administrative actions via CSRF.
SECURITY-233 is considered high as it allows unprivileged attackers to circumvent CSRF protection.
SECURITY-234 is considered high as it allows attackers able to manipulate the network path between Jenkins and the update site to install and run arbitrary code on Jenkins.


I updated the ebuilds in both slots and removed the vulnerable versions.
Comment 1 Agostino Sarubbo gentoo-dev 2015-12-12 12:00:01 UTC
Great job. Closing as noglsa.