I have uncovered a security vulnerability in Jenkins (1.569) that needs to be resolved. When creating a job this link results:
http://jenkins.server.com:8080/job/64-bit_CHRIS_PLAY_TEST_HUV02MS/descriptorByName/hudson.scm.ExcludedRegion/checkPattern

As a sys admin, not a Jenkins admin, I do not know how this link is generated. However, it is vulnerable to SQL injection. The most common solution is to use prepared statements but I can't spend the time learning how Jenkins works to fix it myself and I don't want to introduce non-standard code. I am guessing that this problem has already been addressed somehow. Is there a patch available?

Thanks.
