FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

jenkins -- multiple vulnerabilities

Affected packages
jenkins < 2.275
jenkins-lts < 2.263.2

Details

VuXML ID d6f76976-e86d-4f9a-9362-76c849b10db2
Discovery 2021-01-13
Entry 2021-01-13

Jenkins Security Advisory:

Description

(Medium) SECURITY-1452 / CVE-2021-21602

Arbitrary file read vulnerability in workspace browsers

(High) SECURITY-1889 / CVE-2021-21603

XSS vulnerability in notification bar

(High) SECURITY-1923 / CVE-2021-21604

Improper handling of REST API XML deserialization errors

(High) SECURITY-2021 / CVE-2021-21605

Path traversal vulnerability in agent names

(Medium) SECURITY-2023 / CVE-2021-21606

Arbitrary file existence check in file fingerprints

(Medium) SECURITY-2025 / CVE-2021-21607

Excessive memory allocation in graph URLs leads to denial of service

(High) SECURITY-2035 / CVE-2021-21608

Stored XSS vulnerability in button labels

(Low) SECURITY-2047 / CVE-2021-21609

Missing permission check for paths with specific prefix

(High) SECURITY-2153 / CVE-2021-21610

Reflected XSS vulnerability in markup formatter preview

(High) SECURITY-2171 / CVE-2021-21611

Stored XSS vulnerability on new item page

[source]

References

URL https://www.jenkins.io/security/advisory/2021-01-13/

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.