Date: Fri, 3 May 2013 16:26:20 +0000 (UTC)
From: Li-Wen Hsu <lwhsu@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r317217 - head/security/vuxml
Message-ID: <201305031626.r43GQKci036103@svn.freebsd.org>
Author: lwhsu
Date: Fri May 3 16:26:19 2013
New Revision: 317217
URL: http://svnweb.freebsd.org/changeset/ports/317217

Log:
  Document Jenkins Security Advisory 2013-05-02

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Fri May 3 15:57:58 2013 (r317216) +++ head/security/vuxml/vuln.xml Fri May 3 16:26:19 2013 (r317217) 
@@ -51,6 +51,62 @@ Note: Please add new entries to the beg --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="622e14b1-b40c-11e2-8441-00e0814cab4e"> + <topic>jenkins -- multiple vulnerabilities</topic> + <affects> + <package> + <name>jenkins</name> + <range><lt>1.514</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Jenkins Security Advisory reports:</p> + <blockquote cite="https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-05-02"> + <p>This advisory announces multiple security vulnerabilities that + were found in Jenkins core.</p> + <ol> + <li> + <p>SECURITY-63 / CVE-2013-2034</p> + <p>This creates a cross-site request forgery (CSRF) vulnerability + on Jenkins master, where an anonymous attacker can trick an + administrator to execute arbitrary code on Jenkins master by + having him open a specifically crafted attack URL.</p> + <p>There's also a related vulnerability where the permission + check on this ability is done imprecisely, which may affect + those who are running Jenkins instances with a custom + authorization strategy plugin.</p> + </li> + <li> + <p>SECURITY-67 / CVE-2013-2033</p> + <p>This creates a cross-site scripting (XSS) vulnerability, where + an attacker with a valid user account on Jenkins can execute + JavaScript in the browser of other users, if those users are + using certain browsers.</p> + </li> + <li> + <p>SECURITY-69 / CVE-2013-2034</p> + <p>This is another CSRF vulnerability that allows an attacker to + cause a deployment of binaries to Maven repositories. 
This + vulnerability has the same CVE ID as SEUCRITY-63.</p> + </li> + <li> + <p>SECURITY-71 / CVE-2013-1808</p> + <p>This creates a cross-site scripting (XSS) vulnerability.</p> + </li> + </ol> + </blockquote> + </body> + </description> + <references> + <url>https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-05-02</url> + </references> + <dates> + <discovery>2013-05-02</discovery> + <entry>2013-05-03</entry> + </dates> + </vuln> + <vuln vid="e66a6e2f-b0d5-11e2-9164-0016e6dcb562"> <topic>FreeBSD -- NFS remote denial of service</topic> <affects>
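Review bot: the closing sentence of the SECURITY-69 item in the added <description> reads "same CVE ID as SEUCRITY-63", a misspelling of SECURITY-63; if the typo is carried over from the quoted upstream advisory, either correct it in the entry or mark it [sic], since the vuxml text is what users will read when the entry is published. The rest of the entry looks consistent with itself: the affected range <lt>1.514</lt> is stated once, the reuse of CVE-2013-2034 for both SECURITY-63 and SECURITY-69 is explained in the description, the <references> url matches the blockquote cite, and the new <vuln> sits at the beginning of <vuxml> as the file's comment asks.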