FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

jenkins -- multiple vulnerabilities

Affected packages
jenkins < 2.138
jenkins-lts < 2.121.3

Details

VuXML ID 6905f05f-a0c9-11e8-8335-8c164535ad80
Discovery 2018-08-15
Entry 2018-08-15

Jenkins Security Advisory:

Description

(Low) SECURITY-637

Jenkins allowed deserialization of URL objects with host components

(Medium) SECURITY-672

Ephemeral user record was created on some invalid authentication attempts

(Medium) SECURITY-790

Cron expression form validation could enter infinite loop, potentially resulting in denial of service

(Low) SECURITY-996

"Remember me" cookie was evaluated even if that feature is disabled

(Medium) SECURITY-1071

Unauthorized users could access agent logs

(Low) SECURITY-1076

Unauthorized users could cancel scheduled restarts initiated from the update center

References

URL https://jenkins.io/security/advisory/2018-08-15/