I posted this once but it seems to have disappeared, so my apologies if it shows up as a duplicate. I have discovered a security vulnerability in Jenkins (1.569). I am a sys admin, not a Jenkins admin, so I do not know how this link is generated and I don't want to start mucking with Jenkins code to fix it. When a job is created a link like this is generated:

http://jenkins.server.com:8080/job/64-bit_CHRIS_PLAY_TEST_HUV02MS/descriptorByName/hudson.scm.ExcludedRegion/checkPattern

This link is vulnerable to SQL injection. The usual way to correct this is to use prepared statements. In any case I am guessing this has been addressed already and I am looking for the fix. TIA.
