Merge pull request #1499 from daniel-beck/cves--2018-04-11

Add 2018-04-11 advisory CVE IDs
Liam Newman 2018-04-14 19:51:09 -07:00 committed by GitHub
commit e0cd3474ba
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions

@ -17,7 +17,7 @@ issues:
severity: low
vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
reporter: Assaf Berg # TODO not yet confirmed
cve: CVE pending
cve: CVE-2018-1000169
description: |
The Jenkins CLI sent different error responses for commands with view and agent arguments depending on the existence of the specified views or agents to unauthorized users.
This allowed attackers to determine whether views or agents with specified names exist.
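Review bot: The context line `reporter: Assaf Berg # TODO not yet confirmed` still carries an open TODO, while the `cve:` line in this hunk finalizes the entry with CVE-2018-1000169. Confirm the reporter credit or remove the comment in the same change, so the entry is not left half-finalized with an assigned CVE ID and an unverified attribution.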
@ -29,7 +29,7 @@ issues:
severity: medium
vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
reporter: Jesper den Boer
cve: CVE pending
cve: CVE-2018-1000170
description: |
Some JavaScript confirmation dialogs included the item name in an unsafe manner, resulting in a possible cross-site scripting vulnerability exploitable by users with permission to create or configure items.
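Review bot: The `cve:` line here takes CVE-2018-1000170, the ID immediately following the one used in the previous hunk, and nothing in the diff ties either ID to its issue. Cross-check both against the assignment record before merging, since swapping two sequential IDs between the CLI information disclosure and this cross-site scripting entry would be easy to miss. The replaced value `CVE pending` is also free text in a field that otherwise holds an identifier; consider omitting the key until an ID is assigned so that anything parsing `cve:` never sees a non-ID string.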