Package: jenkins
Version: 1.565.2-2
Severity: grave
Tags: security

Dear Maintainer,

The upstream vendor announced a security advisory.
In this advisory, some vulnerabilities are rated critical severity.

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
>SECURITY-87/CVE-2014-3661 (anonymous DoS attack through CLI handshake)
>SECURITY-110/CVE-2014-3662 (User name discovery)
>SECURITY-127&128/CVE-2014-3663 (privilege escalation in job configuration 
>permission)
>SECURITY-131/CVE-2014-3664 (directory traversal attack)
>SECURITY-138/CVE-2014-3680 (Password exposure in DOM)
>SECURITY-143/CVE-2014-3681 (XSS vulnerability in Jenkins core)
>SECURITY-150/CVE-2014-3666 (remote code execution from CLI)
>SECURITY-155/CVE-2014-3667 (exposure of plugin code)
>SECURITY-159/CVE-2013-2186 (arbitrary file system write)
>SECURITY-149/CVE-2014-1869 (XSS vulnerabilities in ZeroClipboard)

(SECURITY-113 is not about Jenkins core.)


Regards,
Nobuhiro


-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to