FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

jenkins -- multiple vulnerabilities

Affected packages
jenkins < 2.44
jenkins-lts < 2.32.2

Details

VuXML ID 5cfa9d0c-73d7-4642-af4f-28fbed9e9404
Discovery 2017-02-01
Entry 2017-02-01

Jenkins Security Advisory:

Description

SECURITY-304 / CVE-2017-2598

Use of AES ECB block cipher mode without IV for encrypting secrets

SECURITY-321 / CVE-2017-2599

Items could be created with same name as existing item

SECURITY-343 / CVE-2017-2600

Node monitor data could be viewed by low privilege users

SECURITY-349 / CVE-2011-4969

Possible cross-site scripting vulnerability in jQuery bundled with timeline widget

SECURITY-353 / CVE-2017-2601

Persisted cross-site scripting vulnerability in parameter names and descriptions

SECURITY-354 / CVE-2015-0886

Outdated jbcrypt version bundled with Jenkins

SECURITY-358 / CVE-2017-2602

Pipeline metadata files not blacklisted in agent-to-master security subsystem

SECURITY-362 / CVE-2017-2603

User data leak in disconnected agents' config.xml API

SECURITY-371 / CVE-2017-2604

Low privilege users were able to act on administrative monitors

SECURITY-376 / CVE-2017-2605

Re-key admin monitor leaves behind unencrypted credentials in upgraded installations

SECURITY-380 / CVE-2017-2606

Internal API allowed access to item names that should not be visible

SECURITY-382 / CVE-2017-2607

Persisted cross-site scripting vulnerability in console notes

SECURITY-383 / CVE-2017-2608

XStream remote code execution vulnerability

SECURITY-385 / CVE-2017-2609

Information disclosure vulnerability in search suggestions

SECURITY-388 / CVE-2017-2610

Persisted cross-site scripting vulnerability in search suggestions

SECURITY-389 / CVE-2017-2611

Insufficient permission check for periodic processes

SECURITY-392 / CVE-2017-2612

Low privilege users were able to override JDK download credentials

SECURITY-406 / CVE-2017-2613

User creation CSRF using GET by admins

References

CVE Name CVE-2011-4969
CVE Name CVE-2015-0886
CVE Name CVE-2017-2598
CVE Name CVE-2017-2599
CVE Name CVE-2017-2600
CVE Name CVE-2017-2601
CVE Name CVE-2017-2602
CVE Name CVE-2017-2603
CVE Name CVE-2017-2604
CVE Name CVE-2017-2605
CVE Name CVE-2017-2606
CVE Name CVE-2017-2607
CVE Name CVE-2017-2608
CVE Name CVE-2017-2609
CVE Name CVE-2017-2610
CVE Name CVE-2017-2611
CVE Name CVE-2017-2612
CVE Name CVE-2017-2613
URL https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2017-02-01