openshift: multiple vulnerabilities
Package(s): openshift
CVE #(s): CVE-2013-0327 CVE-2013-0328 CVE-2013-0329 CVE-2013-0330 CVE-2013-0331
Created: March 13, 2013
Updated: March 13, 2013
Description: From the Red Hat advisory:

It was found that Jenkins did not protect against Cross-Site Request Forgery (CSRF) attacks. If a remote attacker could trick a user, who was logged into Jenkins, into visiting a specially-crafted URL, the attacker could perform operations on Jenkins. (CVE-2013-0327, CVE-2013-0329)

A cross-site scripting (XSS) flaw was found in Jenkins. A remote attacker could use this flaw to conduct an XSS attack against users of Jenkins. (CVE-2013-0328)

A flaw could allow a Jenkins user to build jobs they do not have access to. (CVE-2013-0330)

A flaw could allow a Jenkins user to cause a denial of service if they are able to supply a specially-crafted payload. (CVE-2013-0331)