[Git][security-tracker-team/security-tracker][master] NFUs

Thu, 13 Jan 2022 02:54:38 -0800 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1d56fffd by Moritz Muehlenhoff at 2022-01-13T11:54:06+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -211,33 +211,33 @@ CVE-2022-23120
 CVE-2022-23119
        RESERVED
 CVE-2022-23118 (Jenkins Debian Package Builder Plugin 1.6.11 and earlier 
implements fu ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-23117 (Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements 
functionali ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-23116 (Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements 
functionali ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-23115 (Cross-site request forgery (CSRF) vulnerabilities in Jenkins 
batch tas ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-23114 (Jenkins Publish Over SSH Plugin 1.22 and earlier stores 
password unenc ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-23113 (Jenkins Publish Over SSH Plugin 1.22 and earlier performs a 
validation ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-23112 (A missing permission check in Jenkins Publish Over SSH Plugin 
1.22 and ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-23111 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
Publish O ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-23110 (Jenkins Publish Over SSH Plugin 1.22 and earlier does not 
escape the S ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-23109 (Jenkins HashiCorp Vault Plugin 3.7.0 and earlier does not mask 
Vault c ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-23108 (Jenkins Badge Plugin 1.9 and earlier does not escape the 
description a ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-23107 (Jenkins Warnings Next Generation Plugin 9.10.2 and earlier 
does not re ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-23106 (Jenkins Configuration as Code Plugin 1.55 and earlier used a 
non-const ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-23105 (Jenkins Active Directory Plugin 2.25 and earlier does not 
encrypt the  ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-23102
        RESERVED
 CVE-2022-21236
@@ -13924,25 +13924,25 @@ CVE-2021-43063 (A improper neutralization of input 
during web page generation ('
 CVE-2021-43062
        RESERVED
 CVE-2022-20621 (Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access 
key unencr ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-20620 (Missing permission checks in Jenkins SSH Agent Plugin 1.23 and 
earlier ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-20619 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
Bitbucket ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-20618 (A missing permission check in Jenkins Bitbucket Branch Source 
Plugin 7 ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-20617 (Jenkins Docker Commons Plugin 1.17 and earlier does not 
sanitize the n ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-20616 (Jenkins Credentials Binding Plugin 1.27 and earlier does not 
perform a ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-20615 (Jenkins Matrix Project Plugin 1.19 and earlier does not escape 
HTML me ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-20614 (A missing permission check in Jenkins Mailer Plugin 
391.ve4a_38c1b_cf4 ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-20613 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
Mailer Pl ...)
-       TODO: check
+       NOT-FOR-US: Jenkins plugin
 CVE-2022-20612 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
2.329 and ...)
-       TODO: check
+       - jenkins <removed>
 CVE-2021-43061
        RESERVED
 CVE-2021-43060



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1d56fffdf9c79d1ebf8a28c4e9b9a25ff7e2b51f

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1d56fffdf9c79d1ebf8a28c4e9b9a25ff7e2b51f
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to