more jenkins

2025-06-08 22:18:26 +00:00 · 2018-08-23 10:49:48 -06:00 · 2018-08-23 10:49:48 -06:00 · 7bd2120df1
commit 7bd2120df1
parent ae0a475740
6 changed files with 6 additions and 0 deletions
--- a/2018/1999xxx/CVE-2018-1999042.json
+++ b/2018/1999xxx/CVE-2018-1999042.json
@ -0,0 +1 @@
+{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-08-15/#SECURITY-637"}]},"description": {"description_data": [{"lang": "eng","value": "A vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in XStream2.java that allows attackers to have Jenkins resolve a domain name when deserializing an instance of java.net.URL."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "2.137 and earlier, 2.121.2 and earlier"}]},"product_name": "Jenkins"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-08-18T21:50:59.833537","DATE_REQUESTED": "2018-08-15T00:00:00","ID": "CVE-2018-1999042","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-502"}]}]}}
--- a/2018/1999xxx/CVE-2018-1999043.json
+++ b/2018/1999xxx/CVE-2018-1999043.json
@ -0,0 +1 @@
+{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-08-15/#SECURITY-672"}]},"description": {"description_data": [{"lang": "eng","value": "A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in BasicAuthenticationFilter.java, BasicHeaderApiTokenAuthenticator.java that allows attackers to create ephemeral in-memory user records by attempting to log in using invalid credentials."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "2.137 and earlier, 2.121.2 and earlier"}]},"product_name": "Jenkins"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-08-18T21:50:59.834798","DATE_REQUESTED": "2018-08-15T00:00:00","ID": "CVE-2018-1999043","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-400"}]}]}}
--- a/2018/1999xxx/CVE-2018-1999044.json
+++ b/2018/1999xxx/CVE-2018-1999044.json
@ -0,0 +1 @@
+{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-08-15/#SECURITY-790"}]},"description": {"description_data": [{"lang": "eng","value": "A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread enter an infinite loop."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "2.137 and earlier, 2.121.2 and earlier"}]},"product_name": "Jenkins"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-08-18T21:50:59.835876","DATE_REQUESTED": "2018-08-15T00:00:00","ID": "CVE-2018-1999044","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-606"}]}]}}
--- a/2018/1999xxx/CVE-2018-1999045.json
+++ b/2018/1999xxx/CVE-2018-1999045.json
@ -0,0 +1 @@
+{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-08-15/#SECURITY-996"}]},"description": {"description_data": [{"lang": "eng","value": "A improper authentication vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in SecurityRealm.java, TokenBasedRememberMeServices2.java that allows attackers with a valid cookie to remain logged in even if that feature is disabled."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "2.137 and earlier, 2.121.2 and earlier"}]},"product_name": "Jenkins"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-08-18T21:50:59.836782","DATE_REQUESTED": "2018-08-15T00:00:00","ID": "CVE-2018-1999045","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-284"}]}]}}
--- a/2018/1999xxx/CVE-2018-1999046.json
+++ b/2018/1999xxx/CVE-2018-1999046.json
@ -0,0 +1 @@
+{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-08-15/#SECURITY-1071"}]},"description": {"description_data": [{"lang": "eng","value": "A exposure of sensitive information vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in Computer.java that allows attackers With Overall/Read permission to access the connection log for any agent."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "2.137 and earlier, 2.121.2 and earlier"}]},"product_name": "Jenkins"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-08-18T21:50:59.837778","DATE_REQUESTED": "2018-08-15T00:00:00","ID": "CVE-2018-1999046","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-285, CWE-200"}]}]}}
--- a/2018/1999xxx/CVE-2018-1999047.json
+++ b/2018/1999xxx/CVE-2018-1999047.json
@ -0,0 +1 @@
+{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-08-15/#SECURITY-1076"}]},"description": {"description_data": [{"lang": "eng","value": "A improper authorization vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in UpdateCenter.java that allows attackers to cancel a Jenkins restart scheduled through the update center."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "2.137 and earlier, 2.121.2 and earlier"}]},"product_name": "Jenkins"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-08-18T21:50:59.838728","DATE_REQUESTED": "2018-08-15T00:00:00","ID": "CVE-2018-1999047","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-285"}]}]}}
				`@ -0,0 +1 @@`
				{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-08-15/#SECURITY-637"}]},"description": {"description_data": [{"lang": "eng","value": "A vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in XStream2.java that allows attackers to have Jenkins resolve a domain name when deserializing an instance of java.net.URL."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "2.137 and earlier, 2.121.2 and earlier"}]},"product_name": "Jenkins"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-08-18T21:50:59.833537","DATE_REQUESTED": "2018-08-15T00:00:00","ID": "CVE-2018-1999042","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-502"}]}]}}