svn commit: r461823 - head/security/vuxml
Steve Wills
swills at FreeBSD.org
Wed Feb 14 17:42:42 UTC 2018
Author: swills
Date: Wed Feb 14 17:42:41 2018
New Revision: 461823
URL: https://svnweb.freebsd.org/changeset/ports/461823
Log:
Document Jenkins vulnerability
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Wed Feb 14 17:25:48 2018 (r461822)
+++ head/security/vuxml/vuln.xml Wed Feb 14 17:42:41 2018 (r461823)
@@ -58,6 +58,40 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="5d374fbb-bae3-45db-afc0-795684ac7353">
+ <topic>jenkins -- Path traversal vulnerability allows access to files outside plugin resources</topic>
+ <affects>
+ <package>
+ <name>jenkins</name>
+ <range><le>2.106</le></range>
+ </package>
+ <package>
+ <name>jenkins-lts</name>
+ <range><le>2.89.3</le></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Jenkins developers report:</p>
+ <blockquote cite="https://jenkins.io/security/advisory/2018-02-14/">
+ <p>Jenkins did not properly prevent specifying relative paths that
+ escape a base directory for URLs accessing plugin resource files. This
+ allowed users with Overall/Read permission to download files from the
+ Jenkins master they should not have access to.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://jenkins.io/security/advisory/2018-02-14/</url>
+ <url>https://jenkins.io/blog/2018/02/14/security-updates/</url>
+ <cvename>CVE-2018-6356</cvename>
+ </references>
+ <dates>
+ <discovery>2018-02-14</discovery>
+ <entry>2018-02-14</entry>
+ </dates>
+ </vuln>
+
<vuln vid="279f682c-0e9e-11e8-83e7-485b3931c969">
<topic>bchunk -- access violation near NULL on destination operand and crash</topic>
<affects>
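Review bot: The `<le>2.106</le>` and `<le>2.89.3</le>` bounds in the two added `<package>` ranges stop at the bare upstream version. A package built with a port revision suffix (a constructed example: `2.106_1`) compares greater than `2.106`, so `pkg audit` would not flag it even though it still contains the vulnerable code. Bounding each range by the first fixed release avoids that gap, e.g. `<range><lt>FIXED_WEEKLY_VERSION</lt></range>` and `<range><lt>FIXED_LTS_VERSION</lt></range>`, with the placeholders taken from the cited advisory. The added `<vuln>` entry is complete within the hunk; the bchunk entry after it continues outside.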