FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

jenkins -- multiple vulnerabilities

Affected packages
jenkins < 2.146
jenkins-lts < 2.138.2

Details

VuXML ID 3350275d-cd5a-11e8-a7be-3497f683cb16
Discovery 2018-10-10
Entry 2018-10-11

Jenkins Security Advisory:

Description

(Low) SECURITY-867

Path traversal vulnerability in Stapler allowed accessing internal data

(Medium) SECURITY-1074

Arbitrary file write vulnerability using file parameter definitions

(Medium) SECURITY-1129

Reflected XSS vulnerability

(Medium) SECURITY-1162

Ephemeral user record was created on some invalid authentication attempts

(Medium) SECURITY-1128

Ephemeral user record creation

(Medium) SECURITY-1158

Session fixation vulnerability on user signup

(Medium) SECURITY-765

Failures to process form submission data could result in secrets being displayed or written to logs

References

URL https://jenkins.io/security/advisory/2018-10-10/