Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2b78aa84 by Salvatore Bonaccorso at 2021-02-25T21:59:00+01:00
Replace some jenkins specific NFUs to the source package
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -12669,7 +12669,7 @@ CVE-2021-22114
CVE-2021-22113 (Applications using the “Sensitive Headers”
functionality i ...)
NOT-FOR-US: Spring Cloud Netflix Zuul
CVE-2021-22112 (Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to
5.3.8.RELEASE, 5. ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2021-22111
RESERVED
CVE-2021-22110
@@ -13684,7 +13684,7 @@ CVE-2021-21617 (A cross-site request forgery (CSRF)
vulnerability in Jenkins Con
CVE-2021-21616 (Jenkins Active Choices Plugin 2.5.2 and earlier does not
escape refere ...)
NOT-FOR-US: Jenkins plugin
CVE-2021-21615 (Jenkins 2.275 and LTS 2.263.2 allows reading arbitrary files
using the ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2021-21614 (Jenkins Bumblebee HP ALM Plugin 4.1.5 and earlier stores
credentials u ...)
NOT-FOR-US: Jenkins plugin
CVE-2021-21613 (Jenkins TICS Plugin 2020.3.0.6 and earlier does not escape
TICS servic ...)
@@ -13692,25 +13692,25 @@ CVE-2021-21613 (Jenkins TICS Plugin 2020.3.0.6 and
earlier does not escape TICS
CVE-2021-21612 (Jenkins TraceTronic ECU-TEST Plugin 2.23.1 and earlier stores
credenti ...)
NOT-FOR-US: Jenkins plugin
CVE-2021-21611 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not
escape dis ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2021-21610 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not
implement ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2021-21609 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not
correctly ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2021-21608 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not
escape but ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2021-21607 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not
limit size ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2021-21606 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier improperly
validate ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2021-21605 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows
users with A ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2021-21604 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows
attackers wi ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2021-21603 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not
escape not ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2021-21602 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows
reading arbi ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2021-21601
RESERVED
CVE-2021-21600
@@ -92501,13 +92501,13 @@ CVE-2020-2225 (Jenkins Matrix Project Plugin 1.16 and
earlier does not escape th
CVE-2020-2224 (Jenkins Matrix Project Plugin 1.16 and earlier does not escape
the nod ...)
NOT-FOR-US: Jenkins plugin
CVE-2020-2223 (Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not
escape cor ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2020-2222 (Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not
escape the ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2020-2221 (Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not
escape the ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2020-2220 (Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not
escape the ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2020-2219 (Jenkins Link Column Plugin 1.0 and earlier does not filter URLs
of lin ...)
NOT-FOR-US: Jenkins plugin
CVE-2020-2218 (Jenkins HP ALM Quality Center Plugin 1.6 and earlier stores a
password ...)
@@ -92621,13 +92621,13 @@ CVE-2020-2165 (Jenkins Artifactory Plugin 3.6.0 and
earlier transmits configured
CVE-2020-2164 (Jenkins Artifactory Plugin 3.5.0 and earlier stores its
Artifactory se ...)
NOT-FOR-US: Jenkins plugin
CVE-2020-2163 (Jenkins 2.227 and earlier, LTS 2.204.5 and earlier improperly
processe ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2020-2162 (Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not set
Conten ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2020-2161 (Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not
properly e ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2020-2160 (Jenkins 2.227 and earlier, LTS 2.204.5 and earlier uses
different repr ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2020-2159 (Jenkins CryptoMove Plugin 0.1.33 and earlier allows attackers
with Job ...)
NOT-FOR-US: Jenkins CryptoMove Plugin
CVE-2020-2158 (Jenkins Literate Plugin 1.0 and earlier does not configure its
YAML pa ...)
@@ -92737,19 +92737,19 @@ CVE-2020-2107 (Jenkins Fortify Plugin 19.1.29 and
earlier stores proxy server pa
CVE-2020-2106 (Jenkins Code Coverage API Plugin 1.1.2 and earlier does not
escape the ...)
NOT-FOR-US: Jenkins plugin
CVE-2020-2105 (REST API endpoints in Jenkins 2.218 and earlier, LTS 2.204.1
and earli ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2020-2104 (Jenkins 2.218 and earlier, LTS 2.204.1 and earlier allowed
users with ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2020-2103 (Jenkins 2.218 and earlier, LTS 2.204.1 and earlier exposed
session ide ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2020-2102 (Jenkins 2.218 and earlier, LTS 2.204.1 and earlier used a
non-constant ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2020-2101 (Jenkins 2.218 and earlier, LTS 2.204.1 and earlier did not use
a const ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2020-2100 (Jenkins 2.218 and earlier, LTS 2.204.1 and earlier was
vulnerable to a ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2020-2099 (Jenkins 2.213 and earlier, LTS 2.204.1 and earlier improperly
reuses e ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2020-2098 (A cross-site request forgery vulnerability in Jenkins Sounds
Plugin 0. ...)
NOT-FOR-US: Jenkins plugin
CVE-2020-2097 (Jenkins Sounds Plugin 0.5 and earlier does not perform
permission chec ...)
@@ -123185,9 +123185,9 @@ CVE-2005-3590 (The getgrouplist function in the GNU C
library (glibc) before ver
CVE-2019-11067
RESERVED
CVE-2019-1003050 (The f:validateButton form control for the Jenkins UI did not
properly ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2019-1003049 (Users who cached their CLI authentication before Jenkins was
updated t ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2019-11066 (openid.php in LightOpenID through 1.3.1 allows SSRF via a
crafted Open ...)
NOT-FOR-US: LightOpenID
CVE-2019-11065 (Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to
download ...)
@@ -124984,17 +124984,17 @@ CVE-2019-10408 (A cross-site request forgery
vulnerability in Jenkins Project In
CVE-2019-10407 (Jenkins Project Inheritance Plugin 2.0.0 and earlier displayed
a list ...)
NOT-FOR-US: Jenkins plugin
CVE-2019-10406 (Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not
restrict or ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2019-10405 (Jenkins 2.196 and earlier, LTS 2.176.3 and earlier printed the
value o ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2019-10404 (Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not
escape the ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2019-10403 (Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not
escape the ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2019-10402 (In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the
f:combobox ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2019-10401 (In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the
f:expandabl ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2019-10400 (A sandbox bypass vulnerability in Jenkins Script Security
Plugin 1.62 ...)
NOT-FOR-US: Jenkins plugin
CVE-2019-10399 (A sandbox bypass vulnerability in Jenkins Script Security
Plugin 1.62 ...)
@@ -125028,9 +125028,9 @@ CVE-2019-10386 (A cross-site request forgery
vulnerability in Jenkins XL TestVie
CVE-2019-10385 (Jenkins eggPlant Plugin 2.2 and earlier stores credentials
unencrypted ...)
NOT-FOR-US: Jenkins plugin
CVE-2019-10384 (Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed
users to ob ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2019-10383 (A stored cross-site scripting vulnerability in Jenkins 2.191
and earli ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2019-10382 (Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier
disables SS ...)
NOT-FOR-US: Jenkins plugin
CVE-2019-10381 (Jenkins Codefresh Integration Plugin 1.8 and earlier disables
SSL/TLS ...)
@@ -125088,11 +125088,11 @@ CVE-2019-10356 (A sandbox bypass vulnerability in
Jenkins Script Security Plugin
CVE-2019-10355 (A sandbox bypass vulnerability in Jenkins Script Security
Plugin 1.61 ...)
NOT-FOR-US: Jenkins Script Security Plugin
CVE-2019-10354 (A vulnerability in the Stapler web framework used in Jenkins
2.185 and ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2019-10353 (CSRF tokens in Jenkins 2.185 and earlier, LTS 2.176.1 and
earlier did ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2019-10352 (A path traversal vulnerability in Jenkins 2.185 and earlier,
LTS 2.176 ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2019-10351 (Jenkins Caliper CI Plugin stores credentials unencrypted in
job config ...)
NOT-FOR-US: Jenkins plugin
CVE-2019-10350 (Jenkins Port Allocator Plugin stores credentials unencrypted
in job co ...)
@@ -130307,15 +130307,15 @@ CVE-2019-8952 (A Path Traversal vulnerability
located in the webserver affects s
CVE-2019-8951 (An Open Redirect vulnerability located in the webserver affects
severa ...)
NOT-FOR-US: Bosch
CVE-2019-1003028 (A server-side request forgery vulnerability exists in
Jenkins JMS Mess ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2019-1003027 (A server-side request forgery vulnerability exists in
Jenkins OctopusD ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2019-1003026 (A server-side request forgery vulnerability exists in
Jenkins Mattermo ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2019-1003025 (A exposure of sensitive information vulnerability exists in
Jenkins Cl ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2019-1003024 (A sandbox bypass vulnerability exists in Jenkins Script
Security Plugi ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2019-8950 (The backdoor account dnsekakf2$$ in /bin/login on DASAN H665
devices w ...)
NOT-FOR-US: DASAN
CVE-2019-8949
@@ -136101,7 +136101,7 @@ CVE-2019-6690 (python-gnupg 0.4.3 allows
context-dependent attackers to trick gn
NOTE:
https://github.com/vsajip/python-gnupg/commit/39eca266dd837e2ad89c94eb17b7a6f50b25e7cf#diff-88b99bb28683bd5b7e3a204826ead112
NOTE:
https://github.com/vsajip/python-gnupg/commit/3003b654ca1c29b0510a54b9848571b3ad57df19#diff-88b99bb28683bd5b7e3a204826ead112
CVE-2018-1000997 (A path traversal vulnerability exists in the Stapler web
framework use ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2019-6689 (An issue was discovered in Dillon Kane Tidal Workload
Automation Agent ...)
NOT-FOR-US: Dillon Kane Tidal Workload Automation Agent
CVE-2019-6688 (On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2,
14.0.0-14.0.1, 13 ...)
@@ -136482,9 +136482,9 @@ CVE-2019-6502 (sc_context_create in ctx.c in
libopensc in OpenSC 0.19.0 has a me
NOTE:
https://github.com/OpenSC/OpenSC/commit/0d7967549751b7032f22b437106b41444aff0ba9
(0.20.0-rc1)
NOTE: Negligible security impact, assigning a CVE seems out of
proportion...
CVE-2019-1003004 (An improper authorization vulnerability exists in Jenkins
2.158 and ea ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2019-1003003 (An improper authorization vulnerability exists in Jenkins
2.158 and ea ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2019-1003002 (A sandbox bypass vulnerability exists in Pipeline:
Declarative Plugin ...)
NOT-FOR-US: Jenkins plugin
CVE-2019-1003001 (A sandbox bypass vulnerability exists in Pipeline: Groovy
Plugin 2.61 ...)
@@ -138633,15 +138633,15 @@ CVE-2018-1000412 (An improper authorization
vulnerability exists in Jenkins Jira
CVE-2018-1000411 (A cross-site request forgery vulnerability exists in Jenkins
JUnit Plu ...)
NOT-FOR-US: Jenkins plugin
CVE-2018-1000410 (An information exposure vulnerability exists in Jenkins
2.145 and earl ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2018-1000409 (A session fixation vulnerability exists in Jenkins 2.145 and
earlier, ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2018-1000408 (A denial of service vulnerability exists in Jenkins 2.145
and earlier, ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2018-1000407 (A cross-site scripting vulnerability exists in Jenkins 2.145
and earli ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2018-1000406 (A path traversal vulnerability exists in Jenkins 2.145 and
earlier, LT ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2016-10736 (The "Social Pug - Easy Social Share Buttons" plugin before
1.2.6 for W ...)
NOT-FOR-US: WordPress plugin social-pug
CVE-2019-5882 (Irssi 1.1.x before 1.1.2 has a use after free when hidden lines
are ex ...)
@@ -149418,17 +149418,17 @@ CVE-2018-20010 (DomainMOD 4.11.01 has XSS via the
assets/add/ssl-provider-accoun
CVE-2018-20009 (DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider.php
SSL Prov ...)
NOT-FOR-US: DomainMOD
CVE-2018-1000866 (A sandbox bypass vulnerability exists in Pipeline: Groovy
Plugin 2.59 ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2018-1000865 (A sandbox bypass vulnerability exists in Script Security
Plugin 1.47 a ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2018-1000864 (A denial of service vulnerability exists in Jenkins 2.153
and earlier, ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2018-1000863 (A data modification vulnerability exists in Jenkins 2.153
and earlier, ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2018-1000862 (An information exposure vulnerability exists in Jenkins
2.153 and earl ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2018-1000861 (A code execution vulnerability exists in the Stapler web
framework use ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2018-20008 (iBall Baton iB-WRB302N20122017 devices have improper access
control ov ...)
NOT-FOR-US: iBall Baton iB-WRB302N20122017 devices
CVE-2018-20007 (Yeelight Smart AI Speaker 3.3.10_0074 devices have improper
access con ...)
@@ -168495,19 +168495,19 @@ CVE-2018-14391
CVE-2018-14390
RESERVED
CVE-2018-1999001 (A unauthorized modification of configuration vulnerability
exists in J ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2018-1999002 (A arbitrary file read vulnerability exists in Jenkins 2.132
and earlie ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2018-1999003 (A Improper authorization vulnerability exists in Jenkins
2.132 and ear ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2018-1999004 (A Improper authorization vulnerability exists in Jenkins
2.132 and ear ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2018-1999005 (A cross-site scripting vulnerability exists in Jenkins 2.132
and earli ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2018-1999006 (A exposure of sensitive information vulnerability exists in
Jenkins 2. ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2018-1999007 (A cross-site scripting vulnerability exists in Jenkins 2.132
and earli ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2018-14389 (joyplus-cms 1.6.0 has SQL Injection via the
manager/admin_ajax.php val ...)
NOT-FOR-US: joyplus-cms
CVE-2018-14388 (joyplus-cms 1.6.0 has XSS via the manager/admin_ajax.php
can_search_de ...)
@@ -175219,11 +175219,11 @@ CVE-2018-1000197 (An improper authorization
vulnerability exists in Jenkins Blac
CVE-2018-1000196 (A exposure of sensitive information vulnerability exists in
Jenkins Gi ...)
NOT-FOR-US: Jenkins plugin
CVE-2018-1000195 (A server-side request forgery vulnerability exists in
Jenkins 2.120 an ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2018-1000194 (A path traversal vulnerability exists in Jenkins 2.120 and
older, LTS ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2018-1000193 (A improper neutralization of control sequences vulnerability
exists in ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2018-12015 (In Perl through 5.26.2, the Archive::Tar module allows remote
attacker ...)
{DSA-4226-1}
- perl 5.26.2-6 (bug #900834)
@@ -209857,27 +209857,27 @@ CVE-2017-1000403 (Jenkins Speaks! Plugin, all
current versions, allows users wit
CVE-2017-1000402 (Jenkins Swarm Plugin Client 3.4 and earlier bundled a
version of the c ...)
NOT-FOR-US: Jenkins plugin
CVE-2017-1000401 (The Jenkins 2.73.1 and earlier, 2.83 and earlier default
form control ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2017-1000400 (The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API
at /job/(j ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2017-1000399 (The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API
at /queue/ ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2017-1000398 (The remote API in Jenkins 2.73.1 and earlier, 2.83 and
earlier at /com ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2017-1000397 (Jenkins Maven Plugin 2.17 and earlier bundled a version of
the commons ...)
NOT-FOR-US: Jenkins plugin
CVE-2017-1000396 (Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a
version of the ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2017-1000395 (Jenkins 2.73.1 and earlier, 2.83 and earlier provides
information abou ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2017-1000394 (Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a
version of the ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2017-1000393 (Jenkins 2.73.1 and earlier, 2.83 and earlier users with
permission to ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2017-1000392 (Jenkins 2.88 and earlier; 2.73.2 and earlier Autocompletion
suggestion ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2017-1000391 (Jenkins versions 2.88 and earlier and 2.73.2 and earlier
stores metada ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2017-1000390 (Jenkins Multijob plugin version 1.25 and earlier did not
check permiss ...)
NOT-FOR-US: Jenkins plugin
CVE-2017-1000389 (Some URLs provided by Jenkins global-build-stats plugin
version 1.4 an ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b78aa84ff3052a2f160a915c027f41a967b7992
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b78aa84ff3052a2f160a915c027f41a967b7992
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
