rtyler
/
jenkins.io
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add 2018-04-11 advisory CVE IDs

This commit is contained in:
Daniel Beck 2018-04-14 22:45:24 +02:00
parent ad89e90f14
commit b5a99ea20e
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
content/security/advisory/2018-04-11.adoc
View File

@ -17,7 +17,7 @@ issues:
severity: low
vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
reporter: Assaf Berg # TODO not yet confirmed
cve: CVE pending
cve: CVE-2018-1000169
description: |
The Jenkins CLI sent different error responses for commands with view and agent arguments depending on the existence of the specified views or agents to unauthorized users.
This allowed attackers to determine whether views or agents with specified names exist.
@ -29,7 +29,7 @@ issues:
severity: medium
vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
reporter: Jesper den Boer
cve: CVE pending
cve: CVE-2018-1000170
description: |
Some JavaScript confirmation dialogs included the item name in an unsafe manner, resulting in a possible cross-site scripting vulnerability exploitable by users with permission to create or configure items.