rhsa-2016_1206
Vulnerability from csaf_redhat
Published
2016-06-06 19:06
Modified
2024-09-15 23:20
Summary
Red Hat Security Advisory: jenkins security update

Notes

Topic
An updated Jenkins package and image that includes security fixes are now available for Red Hat OpenShift Enterprise 3.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.

Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.

Security Fix(es):

* The Jenkins continuous integration server has been updated to upstream version 1.651.2 LTS, which addresses a large number of security issues, including open redirects, a potential denial of service, unsafe handling of user-provided environment variables and several instances of sensitive information disclosure. (CVE-2016-3721, CVE-2016-3722, CVE-2016-3723, CVE-2016-3724, CVE-2016-3725, CVE-2016-3726, CVE-2016-3727)

Refer to the changelog listed in the References section for a list of changes.

This update includes the following image:

openshift3/jenkins-1-rhel7:1.651.2-4

All OpenShift Enterprise 3.2 users are advised to upgrade to the updated package and image.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated Jenkins package and image that includes security fixes are now \navailable for Red Hat OpenShift Enterprise 3.2.\n\nRed Hat Product Security has rated this update as having a security impact \nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, \nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "OpenShift Enterprise by Red Hat is the company\u0027s cloud computing Platform-\nas-a-Service (PaaS) solution designed for on-premise or private cloud \ndeployments.\n\nJenkins is a continuous integration server that monitors executions of \nrepeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* The Jenkins continuous integration server has been updated to upstream \nversion 1.651.2 LTS that addresses a large number of security issues, \nincluding open redirects, a potential denial of service, unsafe handling of \nuser provided environment variables and several instances of sensitive \ninformation disclosure. (CVE-2016-3721, CVE-2016-3722, CVE-2016-3723, \nCVE-2016-3724, CVE-2016-3725, CVE-2016-3726, CVE-2016-3727)\n\nRefer to the changelog listed in the References section for a list of \nchanges.\n\nThis update includes the following image:\n\nopenshift3/jenkins-1-rhel7:1.651.2-4\n\nAll OpenShift Enterprise 3.2 users are advised to upgrade to the updated \npackage and image.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2016:1206",
        "url": "https://access.redhat.com/errata/RHSA-2016:1206"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1333133",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1333133"
      },
      {
        "category": "external",
        "summary": "1335415",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335415"
      },
      {
        "category": "external",
        "summary": "1335416",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335416"
      },
      {
        "category": "external",
        "summary": "1335417",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335417"
      },
      {
        "category": "external",
        "summary": "1335418",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335418"
      },
      {
        "category": "external",
        "summary": "1335420",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335420"
      },
      {
        "category": "external",
        "summary": "1335421",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335421"
      },
      {
        "category": "external",
        "summary": "1335422",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335422"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2016/rhsa-2016_1206.json"
      }
    ],
    "title": "Red Hat Security Advisory: jenkins security update",
    "tracking": {
      "current_release_date": "2024-09-15T23:20:51+00:00",
      "generator": {
        "date": "2024-09-15T23:20:51+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "3.33.3"
        }
      },
      "id": "RHSA-2016:1206",
      "initial_release_date": "2016-06-06T19:06:23+00:00",
      "revision_history": [
        {
          "date": "2016-06-06T19:06:23+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2016-06-06T19:06:23+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-09-15T23:20:51+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenShift Container Platform 3.2",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 3.2",
                  "product_id": "7Server-RH7-RHOSE-3.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:3.2::el7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat OpenShift Enterprise 3.1",
                "product": {
                  "name": "Red Hat OpenShift Enterprise 3.1",
                  "product_id": "7Server-RH7-RHOSE-3.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:3.1::el7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Enterprise"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jenkins-0:1.651.2-1.el7.noarch",
                "product": {
                  "name": "jenkins-0:1.651.2-1.el7.noarch",
                  "product_id": "jenkins-0:1.651.2-1.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jenkins@1.651.2-1.el7?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jenkins-0:1.651.2-1.el7.src",
                "product": {
                  "name": "jenkins-0:1.651.2-1.el7.src",
                  "product_id": "jenkins-0:1.651.2-1.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jenkins@1.651.2-1.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src",
                "product": {
                  "name": "jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src",
                  "product_id": "jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jenkins-plugin-openshift-pipeline@1.0.12-1.el7?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64",
                "product": {
                  "name": "jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64",
                  "product_id": "jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jenkins-plugin-openshift-pipeline@1.0.12-1.el7?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jenkins-0:1.651.2-1.el7.noarch as a component of Red Hat OpenShift Enterprise 3.1",
          "product_id": "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.noarch"
        },
        "product_reference": "jenkins-0:1.651.2-1.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jenkins-0:1.651.2-1.el7.src as a component of Red Hat OpenShift Enterprise 3.1",
          "product_id": "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.src"
        },
        "product_reference": "jenkins-0:1.651.2-1.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src as a component of Red Hat OpenShift Enterprise 3.1",
          "product_id": "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src"
        },
        "product_reference": "jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64 as a component of Red Hat OpenShift Enterprise 3.1",
          "product_id": "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64"
        },
        "product_reference": "jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jenkins-0:1.651.2-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.2",
          "product_id": "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.noarch"
        },
        "product_reference": "jenkins-0:1.651.2-1.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jenkins-0:1.651.2-1.el7.src as a component of Red Hat OpenShift Container Platform 3.2",
          "product_id": "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.src"
        },
        "product_reference": "jenkins-0:1.651.2-1.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src as a component of Red Hat OpenShift Container Platform 3.2",
          "product_id": "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src"
        },
        "product_reference": "jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.2",
          "product_id": "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64"
        },
        "product_reference": "jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-3.2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2016-3721",
      "discovery_date": "2016-05-11T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1335415"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jenkins: Arbitrary build parameters are passed to build scripts as environment variables (SECURITY-170)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.noarch",
          "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.src",
          "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src",
          "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64",
          "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.noarch",
          "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.src",
          "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src",
          "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-3721"
        },
        {
          "category": "external",
          "summary": "RHBZ#1335415",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335415"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-3721",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-3721"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3721",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3721"
        },
        {
          "category": "external",
          "summary": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11",
          "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11"
        }
      ],
      "release_date": "2016-05-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.noarch",
            "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.src",
            "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src",
            "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.noarch",
            "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.src",
            "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src",
            "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2016:1206"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "products": [
            "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.noarch",
            "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.src",
            "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src",
            "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.noarch",
            "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.src",
            "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src",
            "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jenkins: Arbitrary build parameters are passed to build scripts as environment variables (SECURITY-170)"
    },
    {
      "cve": "CVE-2016-3722",
      "discovery_date": "2016-05-11T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1335416"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with multiple accounts to cause a denial of service (unable to login) by editing the \"full name.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jenkins: Malicious users with multiple user accounts can prevent other users from logging in (SECURITY-243)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.noarch",
          "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.src",
          "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src",
          "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64",
          "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.noarch",
          "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.src",
          "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src",
          "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-3722"
        },
        {
          "category": "external",
          "summary": "RHBZ#1335416",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335416"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-3722",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-3722"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3722",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3722"
        },
        {
          "category": "external",
          "summary": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11",
          "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11"
        }
      ],
      "release_date": "2016-05-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.noarch",
            "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.src",
            "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src",
            "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.noarch",
            "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.src",
            "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src",
            "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2016:1206"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          "products": [
            "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.noarch",
            "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.src",
            "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src",
            "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.noarch",
            "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.src",
            "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src",
            "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "jenkins: Malicious users with multiple user accounts can prevent other users from logging in (SECURITY-243)"
    },
    {
      "cve": "CVE-2016-3723",
      "discovery_date": "2016-05-11T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1335417"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with read access to obtain sensitive plugin installation information by leveraging missing permissions checks in unspecified XML/JSON API endpoints.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jenkins: Information on installed plugins exposed via API (SECURITY-250)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.noarch",
          "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.src",
          "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src",
          "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64",
          "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.noarch",
          "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.src",
          "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src",
          "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-3723"
        },
        {
          "category": "external",
          "summary": "RHBZ#1335417",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335417"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-3723",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-3723"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3723",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3723"
        },
        {
          "category": "external",
          "summary": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11",
          "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11"
        }
      ],
      "release_date": "2016-05-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.noarch",
            "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.src",
            "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src",
            "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.noarch",
            "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.src",
            "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src",
            "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2016:1206"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.noarch",
            "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.src",
            "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src",
            "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.noarch",
            "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.src",
            "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src",
            "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jenkins: Information on installed plugins exposed via API (SECURITY-250)"
    },
    {
      "cve": "CVE-2016-3724",
      "discovery_date": "2016-05-11T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1335418"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with extended read access to obtain sensitive password information by reading a job configuration.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jenkins: Encrypted secrets (e.g. passwords) were leaked to users with permission to read configuration (SECURITY-266)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.noarch",
          "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.src",
          "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src",
          "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64",
          "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.noarch",
          "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.src",
          "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src",
          "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-3724"
        },
        {
          "category": "external",
          "summary": "RHBZ#1335418",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335418"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-3724",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-3724"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3724",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3724"
        },
        {
          "category": "external",
          "summary": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11",
          "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11"
        }
      ],
      "release_date": "2016-05-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.noarch",
            "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.src",
            "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src",
            "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.noarch",
            "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.src",
            "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src",
            "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2016:1206"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.noarch",
            "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.src",
            "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src",
            "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.noarch",
            "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.src",
            "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src",
            "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jenkins: Encrypted secrets (e.g. passwords) were leaked to users with permission to read configuration (SECURITY-266)"
    },
    {
      "cve": "CVE-2016-3725",
      "discovery_date": "2016-05-11T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1335420"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permissions check. NOTE: this issue can be combined with DNS cache poisoning to cause a denial of service (service disruption).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jenkins: Regular users can trigger download of update site metadata (SECURITY-273)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.noarch",
          "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.src",
          "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src",
          "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64",
          "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.noarch",
          "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.src",
          "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src",
          "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-3725"
        },
        {
          "category": "external",
          "summary": "RHBZ#1335420",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335420"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-3725",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-3725"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3725",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3725"
        },
        {
          "category": "external",
          "summary": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11",
          "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11"
        }
      ],
      "release_date": "2016-05-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.noarch",
            "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.src",
            "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src",
            "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.noarch",
            "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.src",
            "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src",
            "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2016:1206"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          "products": [
            "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.noarch",
            "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.src",
            "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src",
            "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.noarch",
            "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.src",
            "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src",
            "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "jenkins: Regular users can trigger download of update site metadata (SECURITY-273)"
    },
    {
      "cve": "CVE-2016-3726",
      "discovery_date": "2016-05-11T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1335421"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to \"scheme-relative\" URLs.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jenkins: Open redirect to scheme-relative URLs (SECURITY-276)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.noarch",
          "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.src",
          "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src",
          "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64",
          "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.noarch",
          "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.src",
          "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src",
          "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-3726"
        },
        {
          "category": "external",
          "summary": "RHBZ#1335421",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335421"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-3726",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-3726"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3726",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3726"
        },
        {
          "category": "external",
          "summary": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11",
          "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11"
        }
      ],
      "release_date": "2016-05-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.noarch",
            "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.src",
            "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src",
            "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.noarch",
            "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.src",
            "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src",
            "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2016:1206"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          "products": [
            "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.noarch",
            "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.src",
            "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src",
            "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.noarch",
            "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.src",
            "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src",
            "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jenkins: Open redirect to scheme-relative URLs (SECURITY-276)"
    },
    {
      "cve": "CVE-2016-3727",
      "discovery_date": "2016-05-11T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1335422"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jenkins: Granting the permission to read node configurations allows access to overall system configuration (SECURITY-281)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.noarch",
          "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.src",
          "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src",
          "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64",
          "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.noarch",
          "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.src",
          "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src",
          "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-3727"
        },
        {
          "category": "external",
          "summary": "RHBZ#1335422",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335422"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-3727",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-3727"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3727",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3727"
        },
        {
          "category": "external",
          "summary": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11",
          "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11"
        }
      ],
      "release_date": "2016-05-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.noarch",
            "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.src",
            "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src",
            "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.noarch",
            "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.src",
            "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src",
            "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2016:1206"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.noarch",
            "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.src",
            "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src",
            "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64",
            "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.noarch",
            "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.src",
            "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src",
            "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jenkins: Granting the permission to read node configurations allows access to overall system configuration (SECURITY-281)"
    }
  ]
}