Описание
Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not properly check that a newly created view has an allowed name, allowing attackers with View/Create permission to create views with invalid or already-used names.
A flaw was found in Jenkins. Due to lack of validation of the newly created view name, an attackers with View/Create permission are allowed to create views with invalid or already-used names.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Fuse 7 | jenkins | Not affected | ||
| Red Hat OpenShift Container Platform 3.11 | jenkins | Fix deferred | ||
| Red Hat OpenShift Container Platform 4.7 | jenkins | Fixed | RHSA-2021:1551 | 19.05.2021 |
| Red Hat OpenShift Container Platform 4.8 | jenkins | Fixed | RHSA-2021:2437 | 27.07.2021 |
Показывать по
Дополнительная информация
Статус:
4.3 Medium
CVSS3
Связанные уязвимости
Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not properly check that a newly created view has an allowed name, allowing attackers with View/Create permission to create views with invalid or already-used names.
Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not properly check that a newly created view has an allowed name, allowing attackers with View/Create permission to create views with invalid or already-used names.
Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not properly c ...
4.3 Medium
CVSS3