Thanks Mark! That's good info. I'll break it down and see where we stand.
On Tue, Apr 17, 2018 at 2:36 PM, Mark Waite <[email protected]> wrote:
> Your mail doesn't tell us what security vulnerability is believed to exist.
>
> Can you explain further what the report means and what you believe should
> be done?
>
> Mark Waite
>
> On Tue, Apr 17, 2018, 9:02 AM Eric Fetzer <[email protected]> wrote:
>
>> No one has any ideas about this at all?
>>
>> On Friday, April 13, 2018 at 12:21:36 PM UTC-6, Eric Fetzer wrote:
>>>
>>> We're getting gigged on a security scan that, looking at Jenkins
>>> documentation, should not be happening. The scan is turning up:
>>>
>>> Vulnerability | Host | IP | Port | 201701 | 201702 | 201703 | 201704 | 201705 | 201706 | 201707
>>> Jenkins JDK / Ant Tools Job Configuration Stored XSS Vulnerability (SECURITY-624) | <redacted> | <redacted> | TCP:8080 | NO | NO | NO | NO | NO | NO | NO
>>>
>>> In the documentation, I see 2 places where this could be turning up.
>>> Ant plugin prior to 1.8, and Jenkins version prior to 2.93. Our Jenkins
>>> version is 2.107.1 and we just upgraded our Ant plugin to 1.8. Anyone have
>>> an idea what's getting us here?
>>>
>>> Thanks,
>>> Eric
>>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Jenkins Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/jenkinsci-users/58bf582a-a106-4f95-966a-07642c16e11c%40googlegroups.com.
>> For more options, visit https://groups.google.com/d/optout.
