This is not an SQL injection; the configuration page calls all checks for form validations: https://wiki.jenkins-ci.org/display/JENKINS/Form+Validation
On Tuesday, February 3, 2015 at 9:35:15 PM UTC+3, Daniel Beck wrote:
> Just to clear this up, since it was reported publicly:
>
> This appears to be from the CVS plugin and is clearly a false positive:
>
> https://github.com/jenkinsci/cvs-plugin/blob/master/src/main/java/hudson/scm/ExcludedRegion.java#L100
>
> It seems the scanner mistakes printing parts of the input (to return a helpful error message about an invalid regex to the user) as SQL injection for some reason.
>
> On 03.02.2015, at 15:54, Wt Riker <[email protected]> wrote:
>
> > I posted this once but it seems to have disappeared, so my apologies if it shows up as a duplicate. I have discovered a security vulnerability in Jenkins (1.569). I am a sys admin, not a Jenkins admin, so I do not know how this link is generated and I don't want to start mucking with Jenkins code to fix it. When a job is created a link like this is generated:
> >
> > http://jenkins.server.com:8080/job/64-bit_CHRIS_PLAY_TEST_HUV02MS/descriptorByName/hudson.scm.ExcludedRegion/checkPattern
> >
> > This link is vulnerable to SQL injection. The usual way to correct this is to use prepared statements. In any case I am guessing this has been addressed already and I am looking for the fix. TIA.
> >
> > --
> > You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
> > To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
> > To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/eb52c2a4-1359-4603-afa1-61dd0f39d172%40googlegroups.com.
> > For more options, visit https://groups.google.com/d/optout.

--
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/0a5f4b5a-917b-4ab8-bf40-073bf7f60331%40googlegroups.com.
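To make the "form validation, not SQL" point concrete, here is an added illustration (not the CVS plugin's code, and not from anyone in this thread) of the Jenkins form-validation pattern the wiki link above describes. The class name `RegexRule`, the field `pattern`, and the helper `validatePattern` are assumed for the example; the `doCheckPattern` method is what Stapler binds to a `.../descriptorByName/<class>/checkPattern?value=...` URL of the shape quoted in the original report.

```java
import hudson.Extension;
import hudson.model.AbstractDescribableImpl;
import hudson.model.Descriptor;
import hudson.util.FormValidation;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.QueryParameter;

import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;

// Hypothetical describable with a single "pattern" field; names are illustrative only.
public class RegexRule extends AbstractDescribableImpl<RegexRule> {
    private final String pattern;

    @DataBoundConstructor
    public RegexRule(String pattern) {
        this.pattern = pattern;
    }

    public String getPattern() {
        return pattern;
    }

    @Extension
    public static class DescriptorImpl extends Descriptor<RegexRule> {

        // The config page's form-validation JavaScript calls this as the user types.
        // Stapler routes .../descriptorByName/RegexRule/checkPattern?value=... here
        // and fills "value" from the query string; nothing is sent to a database.
        public FormValidation doCheckPattern(@QueryParameter String value) {
            return validatePattern(value);
        }

        // Kept separate from the web method so the logic can be unit-tested
        // without a running Jenkins (assumed helper, not a Jenkins API).
        static FormValidation validatePattern(String value) {
            if (value == null || value.trim().isEmpty()) {
                return FormValidation.error("Pattern must not be empty");
            }
            try {
                Pattern.compile(value);
                return FormValidation.ok();
            } catch (PatternSyntaxException e) {
                // The rejected input is echoed so the user can see what was wrong.
                // A black-box scanner that submits an injection payload and sees it
                // reflected in this error text is what produces the false positive.
                // FormValidation.error(String) escapes the message as plain text.
                return FormValidation.error(
                        "Invalid regular expression '" + value + "': " + e.getDescription());
            }
        }

        @Override
        public String getDisplayName() {
            return "Regex rule";
        }
    }
}
```

When triaging a scanner finding against a `checkXxx` endpoint like this, the useful checks are the ones the code makes obvious: confirm the method only parses or validates the parameter (here `Pattern.compile`) and has no data-store call behind it, and confirm that any echoed input goes through an escaping path such as `FormValidation.error(String)` rather than a markup-preserving one. A reflected payload in an error message is expected behaviour for a validation check; it becomes a real issue only if the text is rendered unescaped, which is a separate class of bug from the SQL injection the scanner reported.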
