Add 2018-04-11 advisory CVE IDs
This commit is contained in:
parent
ad89e90f14
commit
b5a99ea20e
|
@ -17,7 +17,7 @@ issues:
|
|||
severity: low
|
||||
vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
reporter: Assaf Berg # TODO not yet confirmed
|
||||
cve: CVE pending
|
||||
cve: CVE-2018-1000169
|
||||
description: |
|
||||
The Jenkins CLI sent different error responses for commands with view and agent arguments depending on the existence of the specified views or agents to unauthorized users.
|
||||
This allowed attackers to determine whether views or agents with specified names exist.
|
||||
|
@ -29,7 +29,7 @@ issues:
|
|||
severity: medium
|
||||
vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||
reporter: Jesper den Boer
|
||||
cve: CVE pending
|
||||
cve: CVE-2018-1000170
|
||||
description: |
|
||||
Some JavaScript confirmation dialogs included the item name in an unsafe manner, resulting in a possible cross-site scripting vulnerability exploitable by users with permission to create or configure items.
|
||||
|
||||
|
|
Loading…
Reference in New Issue