Description
A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 3.10 | jenkins | Will not fix | | |
| Red Hat OpenShift Container Platform 3.6 | jenkins | Will not fix | | |
| Red Hat OpenShift Container Platform 3.7 | jenkins | Will not fix | | |
| Red Hat OpenShift Container Platform 3.9 | jenkins | Will not fix | | |
| Red Hat OpenShift Container Platform 3.11 | jenkins | Fixed | RHSA-2019:2503 | 15.08.2019 |
| Red Hat OpenShift Container Platform 4.1 | jenkins | Fixed | RHSA-2019:2548 | 28.08.2019 |
Additional information
Status:
Moderate
Defect:
CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=1730869 jenkins: Unauthorized view fragment access (SECURITY-534)
4.3 Medium
CVSS3
Related vulnerabilities
CVSS3: 4.3
nvd
more than 6 years ago
A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information.
CVSS3: 4.3
debian
more than 6 years ago
A vulnerability in the Stapler web framework used in Jenkins 2.185 and ...