FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

jenkins -- HTTP access to the server to retrieve the master cryptographic key

Affected packages
jenkins < 1.498


VuXML ID 3a65d33b-5950-11e2-b66b-00e0814cab4e
Discovery 2013-01-04
Entry 2013-01-08

Jenkins Security Advisory reports:

This advisory announces a security vulnerability that was found in Jenkins core.

An attacker can then use this master cryptographic key to mount remote code execution attack against the Jenkins master, or impersonate arbitrary users in making REST API calls.

There are several factors that mitigate some of these problems that may apply to specific installations.