FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

jenkins -- multiple vulnerabilities

Affected packages
jenkins < 2.424
jenkins-lts < 2.414.2

Details

VuXML ID 402fccd0-5b6d-11ee-9898-00e081b7aa2d
Discovery 2023-09-20
Entry 2023-09-25

Jenkins Security Advisory:

Description

(Medium) SECURITY-3261 / CVE-2023-43494

Builds can be filtered by values of sensitive build variables

(High) SECURITY-3245 / CVE-2023-43495

Stored XSS vulnerability

(High) SECURITY-3072 / CVE-2023-43496

Temporary plugin file created with insecure permissions

(Low) SECURITY-3073 / CVE-2023-43497 (Stapler), CVE-2023-43498 (MultipartFormDataParser)

Temporary uploaded file created with insecure permissions

[source]

References

CVE Name CVE-2023-43494
CVE Name CVE-2023-43495
CVE Name CVE-2023-43496
CVE Name CVE-2023-43497
URL https://www.jenkins.io/security/advisory/2023-09-20/

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.