Date: Wed, 17 Jun 2026 17:18:35 +0000 From: Li-Wen Hsu <lwhsu@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: c534bbf7e8fc - main - security/vuxml: Document Jenkins Security Advisory 2026-06-10 Message-ID: <6a32d6eb.1d621.1926e33b@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch main has been updated by lwhsu: URL: https://cgit.FreeBSD.org/ports/commit/?id=c534bbf7e8fc19b3787c5acc3356b9bb654a47d8 commit c534bbf7e8fc19b3787c5acc3356b9bb654a47d8 Author: Li-Wen Hsu <lwhsu@FreeBSD.org> AuthorDate: 2026-06-17 16:59:02 +0000 Commit: Li-Wen Hsu <lwhsu@FreeBSD.org> CommitDate: 2026-06-17 17:18:10 +0000 security/vuxml: Document Jenkins Security Advisory 2026-06-10 Sponsored by: The FreeBSD Foundation --- security/vuxml/vuln/2026.xml | 52 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) diff --git a/security/vuxml/vuln/2026.xml b/security/vuxml/vuln/2026.xml index 7bcb12a3aea9..9d0df59ef6a3 100644 --- a/security/vuxml/vuln/2026.xml +++ b/security/vuxml/vuln/2026.xml @@ -1,3 +1,55 @@ + <vuln vid="35598415-56de-4562-959c-11fb1fd2d995"> + <topic>jenkins -- multiple vulnerabilities</topic> + <affects> + <package> + <name>jenkins</name> + <range><lt>2.568</lt></range> + </package> + <package> + <name>jenkins-lts</name> + <range><lt>2.555.3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Jenkins Security Advisory 2026-06-10:</p> + <blockquote cite="https://www.jenkins.io/security/advisory/2026-06-10/"> + <ul> + <li>SECURITY-3707 / CVE-2026-53435: Deserialization vulnerability + (High)</li> + <li>SECURITY-3711+3755 / CVE-2026-53436, CVE-2026-53437: Open + redirect vulnerability (Medium)</li> + <li>SECURITY-3712 / CVE-2026-53438: Missing permission check allows + canceling queue items (Medium)</li> + <li>SECURITY-3713 / CVE-2026-53439: Missing permission checks allow + obtaining limited user profile information (Medium)</li> + <li>SECURITY-3721 / CVE-2026-53440: Open redirect vulnerability in + "Delegate to servlet container" security realm (Medium)</li> + <li>SECURITY-3731 / CVE-2026-53441: Stored XSS vulnerability in + node offline cause description (High)</li> + <li>SECURITY-3744 / CVE-2026-53442: Plaintext secrets persisted and + served by config.xml endpoints (Medium)</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2026-53435</cvename> + <cvename>CVE-2026-53436</cvename> + <cvename>CVE-2026-53437</cvename> + <cvename>CVE-2026-53438</cvename> + <cvename>CVE-2026-53439</cvename> + <cvename>CVE-2026-53440</cvename> + <cvename>CVE-2026-53441</cvename> + <cvename>CVE-2026-53442</cvename> + <url>https://www.jenkins.io/security/advisory/2026-06-10/</url> + </references> + <dates> + <discovery>2026-06-10</discovery> + <entry>2026-06-17</entry> + </dates> + </vuln> + <vuln vid="ab152ccb-6a59-11f1-bf61-3c7c3fba4204"> <topic>Routinator -- CWE-755 Improper Handling of Exceptional Conditions</topic> <affects>home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6a32d6eb.1d621.1926e33b>
