Hi, Currently offline, so I can't give you the full URL. But security issues should not be reported here, but on the SECURITY project on the Jenkins JIRA instance. The issues logged there are not accessible publicly and let the secu team work on them and produce a fix before disclosure.
HTH Cheers Le 3 févr. 2015 16:19, "Wt Riker" <[email protected]> a écrit : > I have uncovered a security vulnerability in Jenkins (1.569) that needs to > be resolved. When creating a job this link results: > > > http://jenkins.server.com:8080/job/64-bit_CHRIS_PLAY_TEST_HUV02MS/descriptorByName/hudson.scm.ExcludedRegion/checkPattern > > As a sys admin, not a Jenkins admin, I do not know how this link is > generated. However, it is vulnerable to SQL injection. The most common > solution is to use prepared statements but I can't spend the time learning > how Jenkins works to fix it myself and I don't want to introduce > non-standard code. I am guessing that this problem has already been > addressed somehow. Is there a patch available? Thanks. > > -- > You received this message because you are subscribed to the Google Groups > "Jenkins Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/jenkinsci-users/8b673381-aee8-4604-9e97-3a3f508989da%40googlegroups.com > <https://groups.google.com/d/msgid/jenkinsci-users/8b673381-aee8-4604-9e97-3a3f508989da%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CANWgJS7YFc6NMNTRMh-kjT%3DMjSgL8DK1Po7z1qbUZHwbZDL3%3Dg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
