oss-sec mailing list archives

Re: CVE Request: Jenkins possible remote code execution

From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 07 Jan 2013 14:17:28 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/07/2013 11:25 AM, Salvatore Bonaccorso wrote:

Hi

There was another advisory for Jenkins[1]. According to the
advisory remote code execution should be possible. Could a CVE be
assigned to this issue?

[1]:
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-01-04

 Regards, Salvatore


Please use CVE-2013-0158 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJQ6ztoAAoJEBYNRVNeJnmT9y4P/iSZl8Ef/39XfzxUpcMIuc1t
S0glo/s0SPpYwibcr+qTvbj8BKSANrwQorQTj8zJaOkSXr+j/YxP2PNDRRjbiJs1
y+f2kcL0XsO0NCn6SXDeX/zU8j+i/0m8L2oUJrIGHtOm39G6qery32oIV4Siv6Ox
TeCuoesiApiIrhp6b/EmtOGGH7MtLecXpTYc5EorIaXGuuDUtNocVwBegbZHd3Pl
QqglBzIaB8nGXZBODL8Cg/WC8UIy8NCB/pDl48ESwluLTZg2hYHdjch8QlvPMSU2
9cIior6zb9f331q9x6vOZu36U8mnQCQ8nq/ryqj5bPCuHX6RMrvVPL6VGQhOUVI3
wqR+buXhxMVf8LCixjVx07nv2OvaSmN27EP5+S6d1XXwxilI2FZaug8HeuPRIcv3
x8FdZYlrfR6BJobONJ/esdlS14Ec99kqJT6sbg053HcWHHLZUGTmfny1bq3eTKFL
85HfqDSi9OmMbahu2SJ9q9Q8s7gTtAAoqU85SnjNiSCf0jZUgPibjFTcPy/lFLPH
uA8lzN7V5Ms76CeHEAXmLyClkGWRsU3cgCf6aoebzePPLUhFKPQmb00G4UU0NCPW
IhFlsVGykBM37ulLW12+uDNoafRkWNdGPT23pdO60gGlbp33/0lNjeqVBC/8zw1T
vKknCoUeBz307WpFbOUk
=09WE
-----END PGP SIGNATURE-----

Current thread:

CVE Request: Jenkins possible remote code execution Salvatore Bonaccorso (Jan 07)
- Re: CVE Request: Jenkins possible remote code execution Kurt Seifried (Jan 07)