
jenkins: multiple vulnerabilities

Package(s): jenkins    CVE #(s): CVE-2015-7536 CVE-2015-7537 CVE-2015-7538 CVE-2015-7539
Created: January 5, 2016    Updated: January 6, 2016
Description: From the Red Hat bugzilla:

CVE-2015-7536: In certain configurations, low privilege users were able to create e.g. HTML files in workspaces and archived artifacts that could result in XSS when accessed by other users. Jenkins now sends Content-Security-Policy headers that enable sandboxing and prohibit script execution by default.

This could allow low-privilege users to perform limited XSS in certain configurations.

CVE-2015-7537: Several administration/configuration related URLs could be accessed using GET, which allowed attackers to circumvent CSRF protection. This could allow unprivileged attackers to perform some administrative actions via CSRF.

CVE-2015-7538: Malicious users were able to circumvent CSRF protection on any URL by sending specially crafted POST requests. This could allow unprivileged attackers to circumvent CSRF protection.
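The three web-side issues above (user-written HTML served without a sandboxing CSP, state-changing URLs reachable via GET, and a crumb check that can be skipped) are illustrated by the added example below. This is not Jenkins code: the request model, route names, crumb scheme and the weakness in the "before" handler are invented for illustration, and the page does not say what the specially crafted POST in CVE-2015-7538 looked like. The CSP string is an assumption modelled on the sandboxing policy the advisory describes.

```python
"""Added example (not Jenkins code): a toy request handler in a vulnerable and a
hardened variant, illustrating CVE-2015-7536/7537/7538 as described above.

Assumptions (not from the advisory): Request model, route names, crumb derivation
and the vulnerable handler's weakness are all invented; the CSP value is assumed.
"""
import hashlib
import hmac
from dataclasses import dataclass, field

SECRET = b"server-side-secret"   # constructed; stands in for a server-side secret

# Sandboxing policy for user-controlled files (assumed value): no scripts at all.
WORKSPACE_CSP = "sandbox; default-src 'none'; img-src 'self'; style-src 'self';"

# Illustrative state-changing URLs (names are assumptions, not Jenkins routes).
ADMIN_ACTIONS = {"/configure", "/restart", "/pluginManager/install"}


@dataclass
class Request:
    method: str
    path: str
    session: str
    headers: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)   # parsed body fields, any content type


def crumb_for(session: str) -> str:
    """Per-session CSRF token ("crumb") bound to the server secret."""
    return hmac.new(SECRET, session.encode(), hashlib.sha256).hexdigest()


def _crumb_valid(req: Request) -> bool:
    """Accept the crumb from a body field or a header, never from the query string."""
    supplied = req.form.get("Jenkins-Crumb") or req.headers.get("Jenkins-Crumb")
    if not supplied:
        return False
    return hmac.compare_digest(supplied, crumb_for(req.session))


def _is_workspace_file(path: str) -> bool:
    return path.startswith("/job/") and "/ws/" in path


def vulnerable_handle(req: Request):
    """Before-fix behaviour: admin actions work over GET (no crumb check at all),
    and on POST the crumb is only checked for one body encoding, so a request
    with another Content-Type skips the check. Returns (status, headers, body)."""
    if req.path in ADMIN_ACTIONS:
        if (req.method == "POST"
                and req.headers.get("Content-Type") == "application/x-www-form-urlencoded"
                and not _crumb_valid(req)):
            return 403, {}, "no valid crumb"
        return 200, {}, f"performed {req.path}"
    if _is_workspace_file(req.path):
        # User-controlled HTML served on the Jenkins origin with no CSP.
        return 200, {"Content-Type": "text/html"}, "<script>/* user-supplied */</script>"
    return 404, {}, ""


def hardened_handle(req: Request):
    """After-fix behaviour: state-changing URLs require POST and a valid crumb
    regardless of body encoding; workspace files get a sandboxing CSP."""
    if req.path in ADMIN_ACTIONS:
        if req.method != "POST":
            return 405, {"Allow": "POST"}, "state-changing action requires POST"
        if not _crumb_valid(req):
            return 403, {}, "no valid crumb"
        return 200, {}, f"performed {req.path}"
    if _is_workspace_file(req.path):
        headers = {"Content-Type": "text/html", "Content-Security-Policy": WORKSPACE_CSP}
        return 200, headers, "<script>/* user-supplied */</script>"
    return 404, {}, ""


if __name__ == "__main__":
    crumb = crumb_for("sess-1")
    get = Request("GET", "/configure", "sess-1")
    json_post = Request("POST", "/configure", "sess-1",
                        headers={"Content-Type": "application/json"})
    print("GET  /configure  vulnerable:", vulnerable_handle(get)[0],
          "hardened:", hardened_handle(get)[0])
    print("POST json, no crumb  vulnerable:", vulnerable_handle(json_post)[0],
          "hardened:", hardened_handle(json_post)[0])
    ok = Request("POST", "/configure", "sess-1", headers={"Jenkins-Crumb": crumb})
    print("POST with crumb header  hardened:", hardened_handle(ok)[0])
```

The point of the hardened variant is that the decision "is this a state-changing request?" is made on the URL alone, and once it is, the method and the crumb are checked before anything else is looked at; the body encoding never enters into it.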

CVE-2015-7539: While the Jenkins update site data is digitally signed, and the signature verified by Jenkins, Jenkins did not verify the provided SHA-1 checksums for the plugin files referenced in the update site data. This enabled MITM attacks on the plugin manager, resulting in installation of attacker-provided plugins.

This could allow attackers able to manipulate the network path between Jenkins and the update site to install and run arbitrary code on Jenkins.
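The checksum gap in CVE-2015-7539 is illustrated by the added example below: the update-site metadata is treated as already signature-verified, and the only difference between the two install routines is whether the downloaded bytes are compared with the checksum that metadata carries. This is not Jenkins code; the metadata layout, plugin name, URL and plugin bytes are constructed for the example, and the base64 SHA-1 encoding is an assumption.

```python
"""Added example (not Jenkins code): verify a downloaded plugin against the
checksum in signed update-site metadata, illustrating CVE-2015-7539.

Assumptions (not from the advisory): the metadata layout, plugin name, URL and
file bytes are constructed; signature verification of the metadata is assumed
to have already succeeded before these functions are called.
"""
import base64
import hashlib
import hmac
import json

# Constructed sample bytes: what the update site refers to, and what a
# man-in-the-middle on the download URL substitutes.
GENUINE_PLUGIN = b"PK\x03\x04 genuine plugin archive"
TAMPERED_PLUGIN = b"PK\x03\x04 attacker plugin archive"


def _b64_sha1(data: bytes) -> str:
    """Base64 of the SHA-1 digest (assumed encoding of the 'sha1' field)."""
    return base64.b64encode(hashlib.sha1(data).digest()).decode()


# Constructed update-site data, assumed to be what the signature covers.
UPDATE_SITE = json.dumps({
    "plugins": {
        "example-plugin": {
            "url": "https://updates.example.invalid/example-plugin.hpi",
            "sha1": _b64_sha1(GENUINE_PLUGIN),
        }
    }
})


class IntegrityError(Exception):
    pass


def vulnerable_install(metadata_json: str, name: str, downloaded: bytes) -> dict:
    """Before-fix: the signed metadata is trusted, but the bytes fetched from the
    URL are never compared with the checksum it carries, so whatever the network
    delivered gets installed."""
    meta = json.loads(metadata_json)["plugins"][name]
    return {"name": name, "url": meta["url"], "installed": downloaded}


def verified_install(metadata_json: str, name: str, downloaded: bytes) -> dict:
    """After-fix: refuse the plugin unless the digest of the downloaded bytes
    matches the checksum from the signed metadata. A missing checksum is also
    a refusal, so a stripped field cannot downgrade the check."""
    meta = json.loads(metadata_json)["plugins"][name]
    expected = meta.get("sha1")
    if not expected:
        raise IntegrityError(f"{name}: metadata carries no checksum; refusing to install")
    actual = _b64_sha1(downloaded)
    if not hmac.compare_digest(actual, expected):
        raise IntegrityError(f"{name}: checksum mismatch (expected {expected}, got {actual})")
    return {"name": name, "url": meta["url"], "installed": downloaded}


if __name__ == "__main__":
    print("vulnerable, tampered download:",
          vulnerable_install(UPDATE_SITE, "example-plugin", TAMPERED_PLUGIN)["installed"])
    try:
        verified_install(UPDATE_SITE, "example-plugin", TAMPERED_PLUGIN)
    except IntegrityError as e:
        print("verified, tampered download:", e)
    print("verified, genuine download:",
          verified_install(UPDATE_SITE, "example-plugin", GENUINE_PLUGIN)["installed"])
```

The signature over the metadata only proves that the list of URLs and checksums is authentic; the download itself travels separately, so the checksum comparison is the one step that ties the fetched bytes back to that signature.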

Alerts:
Red Hat RHSA-2016:0070-01 RHOSE 2016-01-26
Fedora FEDORA-2015-938c70c840 jenkins 2016-01-04
Fedora FEDORA-2015-d7e5461dbf jenkins 2016-01-04
Red Hat RHSA-2016:0489-01 RHOSE 2016-03-22



Copyright © 2025, Eklektix, Inc.