7 matches found
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1304 more potentially affected by CVE-2015-5323 via org.jenkins-ci.main:jenkins-core (>=1.396 <=1.625.1)
org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =0.0.1, =0.9, =1.3, =1.0, =1.0, =2.2.1, =1.0.3, =1.0.0, =1.0, =1.0.0, =1.2.0 and more Source cves: CVE-2015-5323 Source advisory: OSV:GHSA-X4M5-J4X4-4WJG...
Cross-Site Scripting (XSS)
OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service PaaS solution designed for on-premise or private cloud deployments. The following security issues are addressed with this release: An authorization flaw was discovered in Kubernetes; the API server did not...
Path Traversal
OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service PaaS solution designed for on-premise or private cloud deployments. The following security issues are addressed with this release: An authorization flaw was discovered in Kubernetes; the API server did not...
Sensitive Information Disclosure
OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service PaaS solution designed for on-premise or private cloud deployments. The following security issues are addressed with this release: An authorization flaw was discovered in Kubernetes; the API server did not...
Fedora 23 : jenkins-1.625.2-2.fc23 / jenkins-remoting-2.53-1.fc23 (2015-d02feebd15)
Update to 1.625.2 - Resolves: CVE-2015-5317, CVE-2015-5318, CVE-2015-5319, CVE-2015-5320, CVE-2015-5324, CVE-2015-5321, CVE-2015-5322, CVE-2015-5323, CVE-2015-5325, CVE-2015-5326, SECURITY-218 Note that Tenable Network Security has extracted the preceding description block directly from the Fedor...
Fedora 22 : jenkins-1.609.3-4.fc22 (2015-89468612f5)
Security update, fixes: CVE-2015-5317 SECURITY-153, CVE-2015-5319 SECURITY-173, CVE-2015-5324 SECURITY-186, CVE-2015-5321 SECURITY-192, CVE-2015-5322 SECURITY-195, CVE-2015-5323 SECURITY-200, CVE-2015-5326 SECURITY-214 Note that Tenable Network Security has extracted the preceding description blo...
CVE-2015-5323
CVE-2015-5323 affects Jenkins: versions before 1.638 and the LTS line prior to 1.625.2 do not properly restrict access to API tokens, which could allow a remote administrator to gain privileges and run scripts using another user’s API token. Mitigation is to upgrade to Jenkins 1.638 or later, and...