FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

jenkins -- multiple vulnerabilities

Affected packages
jenkins < 2.57
jenkins-lts < 2.46.2

Details

VuXML ID 631c4710-9be5-4a80-9310-eb2847fe24dd
Discovery 2017-04-26
Entry 2017-04-27

Jenkins Security Advisory:

Description

SECURITY-412 through SECURITY-420 / CVE-2017-1000356

CSRF: Multiple vulnerabilities

SECURITY-429 / CVE-2017-1000353

CLI: Unauthenticated remote code execution

SECURITY-466 / CVE-2017-1000354

CLI: Login command allowed impersonating any Jenkins user

SECURITY-503 / CVE-2017-1000355

XStream: Java crash when trying to instantiate void/Void

References

CVE Name CVE-2017-1000353
CVE Name CVE-2017-1000354
CVE Name CVE-2017-1000355
CVE Name CVE-2017-1000356
URL https://jenkins.io/security/advisory/2017-04-26/