FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

jenkins -- multiple vulnerabilities

Affected packages
jenkins < 2.394
jenkins-lts < 2.387.1

Details

VuXML ID f68bb358-be8e-11ed-9215-00e081b7aa2d
Discovery 2023-03-08
Entry 2023-03-09

Jenkins Security Advisory:

Description

(High) SECURITY-3037 / CVE-2023-27898

XSS vulnerability in plugin manager

(Medium) SECURITY-3030 / CVE-2023-24998 (upstream issue), CVE-2023-27900 (MultipartFormDataParser), CVE-2023-27901 (StaplerRequest)

DoS vulnerability in bundled Apache Commons FileUpload library

(Medium) SECURITY-1807 / CVE-2023-27902

Workspace temporary directories accessible through directory browser

(Low) SECURITY-3058 / CVE-2023-27903

Temporary file parameter created with insecure permissions

(Low) SECURITY-2120 / CVE-2023-27904

Information disclosure through error stack traces related to agents

References

CVE Name CVE-2023-24998
CVE Name CVE-2023-27898
CVE Name CVE-2023-27900
CVE Name CVE-2023-27901
CVE Name CVE-2023-27902
CVE Name CVE-2023-27903
CVE Name CVE-2023-27904
URL https://www.jenkins.io/security/advisory/2023-03-08/