oss-sec mailing list archives
CVE request: jenkins
From: Jamie Strandboge <jamie () canonical com>
Date: Wed, 23 Nov 2011 08:37:17 -0600
XSS in jenkins[1]:

"Luca De Fulgentis discovered a cross-site scripting vulnerability in Jenkins that allows an attacker to embed malicious JavaScript into pages generated by Jenkins. The attacker does not need a valid user account in order to exploit this vulnerability."

This is part of the "winstone" servlet container that Jenkins runs in when running in standalone mode.

Patch:
https://github.com/jenkinsci/winstone/commit/410ed3001d51c689cf59085b7417466caa2ded7b.patch

[1] http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2011-11-08.cb

--
Jamie Strandboge | http://www.canonical.com