Action not permitted
Modal body text goes here.
cve-2015-1811
Vulnerability from cvelistv5
Published
2020-01-15 18:05
Modified
2024-08-06 04:54
Severity ?
EPSS score ?
Summary
XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1205632 | Issue Tracking, Third Party Advisory | |
| secalert@redhat.com | https://jenkins.io/security/advisory/2015-02-27/ | Vendor Advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| CloudBees | Jenkins | |
| CloudBees | Jenkins LTS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:54:16.333Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205632"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jenkins.io/security/advisory/2015-02-27/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jenkins",
"vendor": "CloudBees",
"versions": [
{
"status": "affected",
"version": "before 1.600"
}
]
},
{
"product": "Jenkins LTS",
"vendor": "CloudBees",
"versions": [
{
"status": "affected",
"version": "before 1.596.1"
}
]
}
],
"datePublic": "2015-02-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-15T18:05:34",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205632"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jenkins.io/security/advisory/2015-02-27/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-1811",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins",
"version": {
"version_data": [
{
"version_value": "before 1.600"
}
]
}
},
{
"product_name": "Jenkins LTS",
"version": {
"version_data": [
{
"version_value": "before 1.596.1"
}
]
}
}
]
},
"vendor_name": "CloudBees"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1205632",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205632"
},
{
"name": "https://jenkins.io/security/advisory/2015-02-27/",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2015-02-27/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-1811",
"datePublished": "2020-01-15T18:05:34",
"dateReserved": "2015-02-17T00:00:00",
"dateUpdated": "2024-08-06T04:54:16.333Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2015-1811\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2020-01-15T19:15:12.517\",\"lastModified\":\"2020-01-24T14:18:20.340\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de tipo XML external entity (XXE) en CloudBees Jenkins versiones anteriores a 1.600 y LTS versiones anteriores a 1.596.1, permite a atacantes remotos leer archivos XML arbitrarios por medio de un documento XML dise\u00f1ado.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.0},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-611\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:cloudbees:*:*:*:*:lts:jenkins:*:*\",\"versionEndExcluding\":\"1.596.1\",\"matchCriteriaId\":\"C84374AF-1A74-442D-B5DB-AF0A9AC70F85\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:cloudbees:*:*:*:*:*:jenkins:*:*\",\"versionEndExcluding\":\"1.600\",\"matchCriteriaId\":\"000A7DB6-8E3A-4936-A2F2-DFC6A7B5E07E\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1205632\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://jenkins.io/security/advisory/2015-02-27/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
gsd-2015-1811
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2015-1811",
"description": "XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document.",
"id": "GSD-2015-1811",
"references": [
"https://access.redhat.com/errata/RHSA-2015:1844"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2015-1811"
],
"details": "XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document.",
"id": "GSD-2015-1811",
"modified": "2023-12-13T01:20:05.630533Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-1811",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins",
"version": {
"version_data": [
{
"version_value": "before 1.600"
}
]
}
},
{
"product_name": "Jenkins LTS",
"version": {
"version_data": [
{
"version_value": "before 1.596.1"
}
]
}
}
]
},
"vendor_name": "CloudBees"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1205632",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205632"
},
{
"name": "https://jenkins.io/security/advisory/2015-02-27/",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2015-02-27/"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:jenkins:cloudbees:*:*:*:*:lts:jenkins:*:*",
"cpe_name": [],
"versionEndExcluding": "1.596.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:cloudbees:*:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"versionEndExcluding": "1.600",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-1811"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1205632",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205632"
},
{
"name": "https://jenkins.io/security/advisory/2015-02-27/",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://jenkins.io/security/advisory/2015-02-27/"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2020-01-24T14:18Z",
"publishedDate": "2020-01-15T19:15Z"
}
}
}
ghsa-qg7x-4h4q-3m49
Vulnerability from github
Published
2022-05-24 17:06
Modified
2024-01-30 21:10
Severity ?
Summary
XML external entity (XXE) vulnerability in Jenkins
Details
XML external entity (XXE) vulnerability in Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.jenkins-ci.main:jenkins-core"
},
"ranges": [
{
"events": [
{
"introduced": "1.597"
},
{
"fixed": "1.600"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.jenkins-ci.main:jenkins-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.596.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2015-1811"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": true,
"github_reviewed_at": "2024-01-30T21:10:30Z",
"nvd_published_at": "2020-01-15T19:15:00Z",
"severity": "HIGH"
},
"details": "XML external entity (XXE) vulnerability in Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document.",
"id": "GHSA-qg7x-4h4q-3m49",
"modified": "2024-01-30T21:10:30Z",
"published": "2022-05-24T17:06:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1811"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205632"
},
{
"type": "WEB",
"url": "https://jenkins.io/security/advisory/2015-02-27"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "XML external entity (XXE) vulnerability in Jenkins"
}
rhsa-2015_1844
Vulnerability from csaf_redhat
Published
2015-09-30 16:35
Modified
2024-11-22 09:23
Summary
Red Hat Security Advisory: Red Hat OpenShift Enterprise 2.2.7 security, bug fix and enhancement update
Notes
Topic
Red Hat OpenShift Enterprise release 2.2.7 is now available with
updates to packages that fix several bugs and introduce feature
enhancements.
Red Hat Product Security has rated this update as having Important
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the references section.
Details
OpenShift Enterprise by Red Hat is the company's cloud computing
Platform-as-a-Service (PaaS) solution designed for on-premise or
private cloud deployments.
Space precludes documenting all of the bug fixes in this advisory.
See the OpenShift Enterprise Technical Notes, which will be updated
shortly for release 2.2.7, for details about these changes. The
following security issues are addressed in this release:
A flaw was found in the Jenkins API token-issuing service. The
service was not properly protected against anonymous users,
potentially allowing remote attackers to escalate privileges.
(CVE-2015-1814)
It was found that the combination filter Groovy script could allow
a remote attacker to potentially execute arbitrary code on a
Jenkins master. (CVE-2015-1806)
It was found that when building artifacts, the Jenkins server would
follow symbolic links, potentially resulting in disclosure of
information on the server. (CVE-2015-1807)
A denial of service flaw was found in the way Jenkins handled
certain update center data. An authenticated user could provide
specially crafted update center data to Jenkins, causing plug-in
and tool installation to not work properly. (CVE-2015-1808)
It was found that Jenkins' XPath handling allowed XML External
Entity (XXE) expansion. A remote attacker with read access could
use this flaw to read arbitrary XML files on the Jenkins server.
(CVE-2015-1809)
It was discovered that the internal Jenkins user database did not
restrict access to reserved names, allowing users to escalate
privileges. (CVE-2015-1810)
It was found that Jenkins' XML handling allowed XML External Entity
(XXE) expansion. A remote attacker with the ability to pass XML
data to Jenkins could use this flaw to read arbitrary XML files on
the Jenkins server. (CVE-2015-1811)
Two cross-site scripting (XSS) flaws were found in Jenkins. A
remote attacker could use these flaws to conduct XSS attacks
against users of an application using Jenkins. (CVE-2015-1812,
CVE-2015-1813)
https://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/Technical_Notes/index.html
All OpenShift Enterprise 2 users are advised to upgrade to these
updated packages.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Enterprise release 2.2.7 is now available with \nupdates to packages that fix several bugs and introduce feature \nenhancements.\n\nRed Hat Product Security has rated this update as having Important \nsecurity impact. A Common Vulnerability Scoring System (CVSS) base \nscore, which gives a detailed severity rating, is available from the \nCVE link in the references section.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenShift Enterprise by Red Hat is the company\u0027s cloud computing \nPlatform-as-a-Service (PaaS) solution designed for on-premise or \nprivate cloud deployments.\n\nSpace precludes documenting all of the bug fixes in this advisory. \nSee the OpenShift Enterprise Technical Notes, which will be updated \nshortly for release 2.2.7, for details about these changes. The\nfollowing security issues are addressed in this release:\n\nA flaw was found in the Jenkins API token-issuing service. The \nservice was not properly protected against anonymous users, \npotentially allowing remote attackers to escalate privileges. \n(CVE-2015-1814)\n\nIt was found that the combination filter Groovy script could allow \na remote attacker to potentially execute arbitrary code on a \nJenkins master. (CVE-2015-1806)\n\nIt was found that when building artifacts, the Jenkins server would \nfollow symbolic links, potentially resulting in disclosure of \ninformation on the server. (CVE-2015-1807)\n\nA denial of service flaw was found in the way Jenkins handled \ncertain update center data. An authenticated user could provide \nspecially crafted update center data to Jenkins, causing plug-in \nand tool installation to not work properly. (CVE-2015-1808)\n\nIt was found that Jenkins\u0027 XPath handling allowed XML External \nEntity (XXE) expansion. A remote attacker with read access could \nuse this flaw to read arbitrary XML files on the Jenkins server. \n(CVE-2015-1809)\n\nIt was discovered that the internal Jenkins user database did not \nrestrict access to reserved names, allowing users to escalate \nprivileges. (CVE-2015-1810)\n\nIt was found that Jenkins\u0027 XML handling allowed XML External Entity \n(XXE) expansion. A remote attacker with the ability to pass XML \ndata to Jenkins could use this flaw to read arbitrary XML files on \nthe Jenkins server. (CVE-2015-1811)\n\nTwo cross-site scripting (XSS) flaws were found in Jenkins. A \nremote attacker could use these flaws to conduct XSS attacks \nagainst users of an application using Jenkins. (CVE-2015-1812, \nCVE-2015-1813)\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/Technical_Notes/index.html\nAll OpenShift Enterprise 2 users are advised to upgrade to these \nupdated packages.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2015:1844",
"url": "https://access.redhat.com/errata/RHSA-2015:1844"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1062253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1062253"
},
{
"category": "external",
"summary": "1128567",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1128567"
},
{
"category": "external",
"summary": "1130028",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1130028"
},
{
"category": "external",
"summary": "1138522",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1138522"
},
{
"category": "external",
"summary": "1152524",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1152524"
},
{
"category": "external",
"summary": "1160699",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1160699"
},
{
"category": "external",
"summary": "1171815",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1171815"
},
{
"category": "external",
"summary": "1191283",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191283"
},
{
"category": "external",
"summary": "1197123",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1197123"
},
{
"category": "external",
"summary": "1197576",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1197576"
},
{
"category": "external",
"summary": "1205615",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205615"
},
{
"category": "external",
"summary": "1205616",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205616"
},
{
"category": "external",
"summary": "1205620",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205620"
},
{
"category": "external",
"summary": "1205622",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205622"
},
{
"category": "external",
"summary": "1205623",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205623"
},
{
"category": "external",
"summary": "1205625",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205625"
},
{
"category": "external",
"summary": "1205627",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205627"
},
{
"category": "external",
"summary": "1205632",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205632"
},
{
"category": "external",
"summary": "1216206",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1216206"
},
{
"category": "external",
"summary": "1217572",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1217572"
},
{
"category": "external",
"summary": "1221931",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1221931"
},
{
"category": "external",
"summary": "1225943",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1225943"
},
{
"category": "external",
"summary": "1226061",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1226061"
},
{
"category": "external",
"summary": "1227501",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1227501"
},
{
"category": "external",
"summary": "1228373",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1228373"
},
{
"category": "external",
"summary": "1229300",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1229300"
},
{
"category": "external",
"summary": "1232827",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232827"
},
{
"category": "external",
"summary": "1232921",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232921"
},
{
"category": "external",
"summary": "1241750",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1241750"
},
{
"category": "external",
"summary": "1257757",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1257757"
},
{
"category": "external",
"summary": "1264039",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264039"
},
{
"category": "external",
"summary": "1264210",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264210"
},
{
"category": "external",
"summary": "1264216",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264216"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_1844.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Enterprise 2.2.7 security, bug fix and enhancement update",
"tracking": {
"current_release_date": "2024-11-22T09:23:38+00:00",
"generator": {
"date": "2024-11-22T09:23:38+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2015:1844",
"initial_release_date": "2015-09-30T16:35:28+00:00",
"revision_history": [
{
"date": "2015-09-30T16:35:28+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2015-09-30T16:35:28+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T09:23:38+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Enterprise Node 2.2",
"product": {
"name": "Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:2.0::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenShift Enterprise Infrastructure 2.2",
"product": {
"name": "Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:2.0::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenShift Enterprise JBoss EAP add-on 2.2",
"product": {
"name": "Red Hat OpenShift Enterprise JBoss EAP add-on 2.2",
"product_id": "6Server-RHOSE-JBOSSEAP-2.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:2.0::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenShift Enterprise Client 2.2",
"product": {
"name": "Red Hat OpenShift Enterprise Client 2.2",
"product_id": "6Server-RHOSE-CLIENT-2.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:2.0::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:1.609.1-1.el6op.noarch",
"product": {
"name": "jenkins-0:1.609.1-1.el6op.noarch",
"product_id": "jenkins-0:1.609.1-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@1.609.1-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"product": {
"name": "openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"product_id": "openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-jenkins@1.28.2.1-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"product": {
"name": "openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"product_id": "openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-broker@1.16.2.10-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"product": {
"name": "openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"product_id": "openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-jbosseap@2.26.3.1-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"product": {
"name": "openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"product_id": "openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-jbossews@1.34.3.1-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"product": {
"name": "rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"product_id": "rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-openshift-origin-node@1.37.1.1-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"product": {
"name": "rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"product_id": "rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-openshift-origin-frontend-apache-vhost@0.12.4.2-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"product": {
"name": "rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"product_id": "rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-openshift-origin-console@1.35.2.1-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"product": {
"name": "openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"product_id": "openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-ruby@1.32.1.1-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"product": {
"name": "openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"product_id": "openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-perl@1.30.1.1-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"product": {
"name": "openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"product_id": "openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-haproxy@1.30.1.1-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"product": {
"name": "openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"product_id": "openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-php@1.34.1.1-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"product": {
"name": "openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"product_id": "openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-node-util@1.37.2.1-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"product": {
"name": "openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"product_id": "openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-python@1.33.3.1-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"product": {
"name": "openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"product_id": "openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-mock@1.22.1.1-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"product": {
"name": "openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"product_id": "openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-diy@1.26.1.1-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"product": {
"name": "rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"product_id": "rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-openshift-origin-controller@1.37.3.1-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"product": {
"name": "rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"product_id": "rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-openshift-origin-msg-broker-mcollective@1.35.3.1-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"product": {
"name": "openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"product_id": "openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-nodejs@1.33.1.1-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhc-0:1.37.1.2-1.el6op.noarch",
"product": {
"name": "rhc-0:1.37.1.2-1.el6op.noarch",
"product_id": "rhc-0:1.37.1.2-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@1.37.1.2-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"product": {
"name": "rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"product_id": "rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-openshift-origin-gear-placement@0.0.2.1-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"product": {
"name": "openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"product_id": "openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-broker-util@1.36.2.2-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"product": {
"name": "rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"product_id": "rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-openshift-origin-routing-daemon@0.25.1.2-1.el6op?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:1.609.1-1.el6op.src",
"product": {
"name": "jenkins-0:1.609.1-1.el6op.src",
"product_id": "jenkins-0:1.609.1-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@1.609.1-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"product": {
"name": "openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"product_id": "openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-jenkins@1.28.2.1-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"product": {
"name": "openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"product_id": "openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-broker@1.16.2.10-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"product": {
"name": "openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"product_id": "openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-jbosseap@2.26.3.1-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"product": {
"name": "openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"product_id": "openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-jbossews@1.34.3.1-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src",
"product": {
"name": "rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src",
"product_id": "rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-openshift-origin-node@1.37.1.1-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"product": {
"name": "rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"product_id": "rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-openshift-origin-frontend-apache-vhost@0.12.4.2-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"product": {
"name": "rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"product_id": "rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-openshift-origin-console@1.35.2.1-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"product": {
"name": "openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"product_id": "openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-ruby@1.32.1.1-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"product": {
"name": "openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"product_id": "openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-perl@1.30.1.1-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"product": {
"name": "openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"product_id": "openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-haproxy@1.30.1.1-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"product": {
"name": "openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"product_id": "openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-php@1.34.1.1-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"product": {
"name": "openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"product_id": "openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-node-util@1.37.2.1-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"product": {
"name": "openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"product_id": "openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-python@1.33.3.1-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"product": {
"name": "openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"product_id": "openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-mock@1.22.1.1-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"product": {
"name": "openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"product_id": "openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-diy@1.26.1.1-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"product": {
"name": "rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"product_id": "rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-openshift-origin-controller@1.37.3.1-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"product": {
"name": "rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"product_id": "rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-openshift-origin-msg-broker-mcollective@1.35.3.1-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"product": {
"name": "openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"product_id": "openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-nodejs@1.33.1.1-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "rhc-0:1.37.1.2-1.el6op.src",
"product": {
"name": "rhc-0:1.37.1.2-1.el6op.src",
"product_id": "rhc-0:1.37.1.2-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@1.37.1.2-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"product": {
"name": "rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"product_id": "rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-openshift-origin-gear-placement@0.0.2.1-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"product": {
"name": "openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"product_id": "openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-broker-util@1.36.2.2-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"product": {
"name": "openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"product_id": "openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-logshifter@1.10.1.2-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"product": {
"name": "rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"product_id": "rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-openshift-origin-routing-daemon@0.25.1.2-1.el6op?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"product": {
"name": "openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"product_id": "openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-logshifter@1.10.1.2-1.el6op?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-0:1.37.1.2-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Client 2.2",
"product_id": "6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.noarch"
},
"product_reference": "rhc-0:1.37.1.2-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-CLIENT-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-0:1.37.1.2-1.el6op.src as a component of Red Hat OpenShift Enterprise Client 2.2",
"product_id": "6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.src"
},
"product_reference": "rhc-0:1.37.1.2-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-CLIENT-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-broker-0:1.16.2.10-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.noarch"
},
"product_reference": "openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-broker-0:1.16.2.10-1.el6op.src as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.src"
},
"product_reference": "openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch"
},
"product_reference": "openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-broker-util-0:1.36.2.2-1.el6op.src as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.src"
},
"product_reference": "openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-logshifter-0:1.10.1.2-1.el6op.src as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src"
},
"product_reference": "openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64 as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64"
},
"product_reference": "openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch"
},
"product_reference": "rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src"
},
"product_reference": "rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch"
},
"product_reference": "rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src"
},
"product_reference": "rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch"
},
"product_reference": "rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src"
},
"product_reference": "rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch"
},
"product_reference": "rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src"
},
"product_reference": "rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch"
},
"product_reference": "rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src"
},
"product_reference": "rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise JBoss EAP add-on 2.2",
"product_id": "6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch"
},
"product_reference": "openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-JBOSSEAP-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src as a component of Red Hat OpenShift Enterprise JBoss EAP add-on 2.2",
"product_id": "6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src"
},
"product_reference": "openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-JBOSSEAP-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:1.609.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.noarch"
},
"product_reference": "jenkins-0:1.609.1-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:1.609.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.src"
},
"product_reference": "jenkins-0:1.609.1-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch"
},
"product_reference": "openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src"
},
"product_reference": "openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch"
},
"product_reference": "openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src"
},
"product_reference": "openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch"
},
"product_reference": "openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src"
},
"product_reference": "openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch"
},
"product_reference": "openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src"
},
"product_reference": "openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch"
},
"product_reference": "openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src"
},
"product_reference": "openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch"
},
"product_reference": "openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src"
},
"product_reference": "openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch"
},
"product_reference": "openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src"
},
"product_reference": "openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch"
},
"product_reference": "openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src"
},
"product_reference": "openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch"
},
"product_reference": "openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src"
},
"product_reference": "openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch"
},
"product_reference": "openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src"
},
"product_reference": "openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-logshifter-0:1.10.1.2-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src"
},
"product_reference": "openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64 as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64"
},
"product_reference": "openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch"
},
"product_reference": "openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-node-util-0:1.37.2.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.src"
},
"product_reference": "openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch"
},
"product_reference": "rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src"
},
"product_reference": "rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch"
},
"product_reference": "rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src"
},
"product_reference": "rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-1806",
"discovery_date": "2015-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1205620"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the combination filter Groovy script could allow a remote attacker to potentially execute arbitrary code on a Jenkins master.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins: Combination filter Groovy script unsecured (SECURITY-125)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1806"
},
{
"category": "external",
"summary": "RHBZ#1205620",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205620"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1806",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1806"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1806",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1806"
},
{
"category": "external",
"summary": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27"
}
],
"release_date": "2015-02-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-09-30T16:35:28+00:00",
"details": "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.7, for important instructions on \nhow to fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to \nuse the Red Hat Network to apply this update are available at \nhttps://access.redhat.com/articles/11258.",
"product_ids": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1844"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins: Combination filter Groovy script unsecured (SECURITY-125)"
},
{
"cve": "CVE-2015-1807",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2015-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1205622"
}
],
"notes": [
{
"category": "description",
"text": "It was found that when building artifacts, the Jenkins server would follow symbolic links, potentially resulting in disclosure of information on the server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins: directory traversal from artifacts via symlink (SECURITY-162)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1807"
},
{
"category": "external",
"summary": "RHBZ#1205622",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205622"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1807",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1807"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1807",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1807"
},
{
"category": "external",
"summary": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27"
}
],
"release_date": "2015-02-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-09-30T16:35:28+00:00",
"details": "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.7, for important instructions on \nhow to fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to \nuse the Red Hat Network to apply this update are available at \nhttps://access.redhat.com/articles/11258.",
"product_ids": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1844"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins: directory traversal from artifacts via symlink (SECURITY-162)"
},
{
"cve": "CVE-2015-1808",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2015-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1205623"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw was found in the way Jenkins handled certain update center data. An authenticated user could provide specially crafted update center data to Jenkins, causing plug-in and tool installation to not work properly.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins: update center metadata retrieval DoS attack (SECURITY-163)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1808"
},
{
"category": "external",
"summary": "RHBZ#1205623",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205623"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1808",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1808"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1808",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1808"
},
{
"category": "external",
"summary": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27"
}
],
"release_date": "2015-02-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-09-30T16:35:28+00:00",
"details": "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.7, for important instructions on \nhow to fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to \nuse the Red Hat Network to apply this update are available at \nhttps://access.redhat.com/articles/11258.",
"product_ids": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1844"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins: update center metadata retrieval DoS attack (SECURITY-163)"
},
{
"cve": "CVE-2015-1809",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2015-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1205625"
}
],
"notes": [
{
"category": "description",
"text": "It was found that Jenkins\u0027 XPath handling allowed XML External Entity (XXE) expansion. A remote attacker with read access could use this flaw to read arbitrary XML files on the Jenkins server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins: external entity injection via XPath (SECURITY-165)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1809"
},
{
"category": "external",
"summary": "RHBZ#1205625",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205625"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1809",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1809"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1809",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1809"
},
{
"category": "external",
"summary": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27"
}
],
"release_date": "2015-02-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-09-30T16:35:28+00:00",
"details": "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.7, for important instructions on \nhow to fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to \nuse the Red Hat Network to apply this update are available at \nhttps://access.redhat.com/articles/11258.",
"product_ids": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1844"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins: external entity injection via XPath (SECURITY-165)"
},
{
"cve": "CVE-2015-1810",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2015-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1205627"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the internal Jenkins user database did not restrict access to reserved names, allowing users to escalate privileges.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins: HudsonPrivateSecurityRealm allows creation of reserved names (SECURITY-166)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1810"
},
{
"category": "external",
"summary": "RHBZ#1205627",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205627"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1810",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1810"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1810",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1810"
},
{
"category": "external",
"summary": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27"
}
],
"release_date": "2015-02-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-09-30T16:35:28+00:00",
"details": "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.7, for important instructions on \nhow to fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to \nuse the Red Hat Network to apply this update are available at \nhttps://access.redhat.com/articles/11258.",
"product_ids": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1844"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins: HudsonPrivateSecurityRealm allows creation of reserved names (SECURITY-166)"
},
{
"cve": "CVE-2015-1811",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2015-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1205632"
}
],
"notes": [
{
"category": "description",
"text": "It was found that Jenkins\u0027 XML handling allowed XML External Entity (XXE) expansion. A remote attacker with the ability to pass XML data to Jenkins could use this flaw to read arbitrary XML files on the Jenkins server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins: External entity processing in XML can reveal sensitive local files (SECURITY-167)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1811"
},
{
"category": "external",
"summary": "RHBZ#1205632",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205632"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1811",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1811"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1811",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1811"
},
{
"category": "external",
"summary": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27"
}
],
"release_date": "2015-02-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-09-30T16:35:28+00:00",
"details": "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.7, for important instructions on \nhow to fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to \nuse the Red Hat Network to apply this update are available at \nhttps://access.redhat.com/articles/11258.",
"product_ids": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1844"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins: External entity processing in XML can reveal sensitive local files (SECURITY-167)"
},
{
"cve": "CVE-2015-1812",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2015-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1205615"
}
],
"notes": [
{
"category": "description",
"text": "Two cross-site scripting (XSS) flaws were found in Jenkins. A remote attacker could use these flaws to conduct XSS attacks against users of an application using Jenkins.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins: Reflective XSS vulnerability (SECURITY-171, SECURITY-177)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1812"
},
{
"category": "external",
"summary": "RHBZ#1205615",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205615"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1812",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1812"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1812",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1812"
},
{
"category": "external",
"summary": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23"
}
],
"release_date": "2015-03-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-09-30T16:35:28+00:00",
"details": "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.7, for important instructions on \nhow to fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to \nuse the Red Hat Network to apply this update are available at \nhttps://access.redhat.com/articles/11258.",
"product_ids": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1844"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins: Reflective XSS vulnerability (SECURITY-171, SECURITY-177)"
},
{
"cve": "CVE-2015-1813",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2015-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1205615"
}
],
"notes": [
{
"category": "description",
"text": "Two cross-site scripting (XSS) flaws were found in Jenkins. A remote attacker could use these flaws to conduct XSS attacks against users of an application using Jenkins.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins: Reflective XSS vulnerability (SECURITY-171, SECURITY-177)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1813"
},
{
"category": "external",
"summary": "RHBZ#1205615",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205615"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1813",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1813"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1813",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1813"
},
{
"category": "external",
"summary": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23"
}
],
"release_date": "2015-03-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-09-30T16:35:28+00:00",
"details": "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.7, for important instructions on \nhow to fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to \nuse the Red Hat Network to apply this update are available at \nhttps://access.redhat.com/articles/11258.",
"product_ids": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1844"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins: Reflective XSS vulnerability (SECURITY-171, SECURITY-177)"
},
{
"cve": "CVE-2015-1814",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2015-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1205616"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jenkins API token-issuing service. The service was not properly protected against anonymous users, potentially allowing remote attackers to escalate privileges.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins: forced API token change (SECURITY-180)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1814"
},
{
"category": "external",
"summary": "RHBZ#1205616",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205616"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1814",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1814"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1814",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1814"
},
{
"category": "external",
"summary": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23"
}
],
"release_date": "2015-03-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-09-30T16:35:28+00:00",
"details": "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.7, for important instructions on \nhow to fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to \nuse the Red Hat Network to apply this update are available at \nhttps://access.redhat.com/articles/11258.",
"product_ids": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1844"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jenkins: forced API token change (SECURITY-180)"
}
]
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.