rhsa-2016_1206
Vulnerability from csaf_redhat
Published
2016-06-06 19:06
Modified
2024-11-22 09:59
Summary
Red Hat Security Advisory: jenkins security update
Notes
Topic
An updated Jenkins package and image that includes security fixes are now
available for Red Hat OpenShift Enterprise 3.2.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
OpenShift Enterprise by Red Hat is the company's cloud computing Platform-
as-a-Service (PaaS) solution designed for on-premise or private cloud
deployments.
Jenkins is a continuous integration server that monitors executions of
repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
* The Jenkins continuous integration server has been updated to upstream
version 1.651.2 LTS that addresses a large number of security issues,
including open redirects, a potential denial of service, unsafe handling of
user provided environment variables and several instances of sensitive
information disclosure. (CVE-2016-3721, CVE-2016-3722, CVE-2016-3723,
CVE-2016-3724, CVE-2016-3725, CVE-2016-3726, CVE-2016-3727)
Refer to the changelog listed in the References section for a list of
changes.
This update includes the following image:
openshift3/jenkins-1-rhel7:1.651.2-4
All OpenShift Enterprise 3.2 users are advised to upgrade to the updated
package and image.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An updated Jenkins package and image that includes security fixes are now \navailable for Red Hat OpenShift Enterprise 3.2.\n\nRed Hat Product Security has rated this update as having a security impact \nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, \nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "OpenShift Enterprise by Red Hat is the company\u0027s cloud computing Platform-\nas-a-Service (PaaS) solution designed for on-premise or private cloud \ndeployments.\n\nJenkins is a continuous integration server that monitors executions of \nrepeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* The Jenkins continuous integration server has been updated to upstream \nversion 1.651.2 LTS that addresses a large number of security issues, \nincluding open redirects, a potential denial of service, unsafe handling of \nuser provided environment variables and several instances of sensitive \ninformation disclosure. (CVE-2016-3721, CVE-2016-3722, CVE-2016-3723, \nCVE-2016-3724, CVE-2016-3725, CVE-2016-3726, CVE-2016-3727)\n\nRefer to the changelog listed in the References section for a list of \nchanges.\n\nThis update includes the following image:\n\nopenshift3/jenkins-1-rhel7:1.651.2-4\n\nAll OpenShift Enterprise 3.2 users are advised to upgrade to the updated \npackage and image.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2016:1206", "url": "https://access.redhat.com/errata/RHSA-2016:1206" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "1333133", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1333133" }, { "category": "external", "summary": "1335415", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335415" }, { "category": "external", "summary": "1335416", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335416" }, { "category": "external", "summary": "1335417", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335417" }, { "category": "external", "summary": "1335418", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335418" }, { "category": "external", "summary": "1335420", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335420" }, { "category": "external", "summary": "1335421", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335421" }, { "category": "external", "summary": "1335422", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335422" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_1206.json" } ], "title": "Red Hat Security Advisory: jenkins security update", "tracking": { "current_release_date": "2024-11-22T09:59:04+00:00", "generator": { "date": "2024-11-22T09:59:04+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2016:1206", "initial_release_date": "2016-06-06T19:06:23+00:00", "revision_history": [ { "date": "2016-06-06T19:06:23+00:00", "number": "1", "summary": "Initial version" }, { "date": "2016-06-06T19:06:23+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T09:59:04+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift Container Platform 3.2", "product": { "name": "Red Hat OpenShift Container Platform 3.2", "product_id": "7Server-RH7-RHOSE-3.2", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:3.2::el7" } } }, { "category": "product_name", "name": "Red Hat OpenShift Enterprise 3.1", "product": { "name": "Red Hat OpenShift Enterprise 3.1", "product_id": "7Server-RH7-RHOSE-3.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:3.1::el7" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "branches": [ { "category": "product_version", "name": "jenkins-0:1.651.2-1.el7.noarch", "product": { "name": "jenkins-0:1.651.2-1.el7.noarch", "product_id": "jenkins-0:1.651.2-1.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@1.651.2-1.el7?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "jenkins-0:1.651.2-1.el7.src", "product": { "name": "jenkins-0:1.651.2-1.el7.src", "product_id": "jenkins-0:1.651.2-1.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@1.651.2-1.el7?arch=src" } } }, { "category": "product_version", "name": "jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src", "product": { "name": "jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src", "product_id": "jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-plugin-openshift-pipeline@1.0.12-1.el7?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64", "product": { "name": "jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64", "product_id": "jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-plugin-openshift-pipeline@1.0.12-1.el7?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:1.651.2-1.el7.noarch as a component of Red Hat OpenShift Enterprise 3.1", "product_id": "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.noarch" }, "product_reference": "jenkins-0:1.651.2-1.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:1.651.2-1.el7.src as a component of Red Hat OpenShift Enterprise 3.1", "product_id": "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.src" }, "product_reference": "jenkins-0:1.651.2-1.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src as a component of Red Hat OpenShift Enterprise 3.1", "product_id": "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src" }, "product_reference": "jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64 as a component of Red Hat OpenShift Enterprise 3.1", "product_id": "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64" }, "product_reference": "jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:1.651.2-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.2", "product_id": "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.noarch" }, "product_reference": "jenkins-0:1.651.2-1.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.2" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:1.651.2-1.el7.src as a component of Red Hat OpenShift Container Platform 3.2", "product_id": "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.src" }, "product_reference": "jenkins-0:1.651.2-1.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.2" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src as a component of Red Hat OpenShift Container Platform 3.2", "product_id": "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src" }, "product_reference": "jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.2" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.2", "product_id": "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64" }, "product_reference": "jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.2" } ] }, "vulnerabilities": [ { "cve": "CVE-2016-3721", "discovery_date": "2016-05-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1335415" } ], "notes": [ { "category": "description", "text": "Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Arbitrary build parameters are passed to build scripts as environment variables (SECURITY-170)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.noarch", "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.src", "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src", "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64", "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.noarch", "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.src", "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src", "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-3721" }, { "category": "external", "summary": "RHBZ#1335415", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335415" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-3721", "url": "https://www.cve.org/CVERecord?id=CVE-2016-3721" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3721", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3721" }, { "category": "external", "summary": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11", "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11" } ], "release_date": "2016-05-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2016-06-06T19:06:23+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.noarch", "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.src", "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src", "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64", "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.noarch", "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.src", "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src", "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2016:1206" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0" }, "products": [ "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.noarch", "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.src", "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src", "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64", "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.noarch", "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.src", "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src", "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins: Arbitrary build parameters are passed to build scripts as environment variables (SECURITY-170)" }, { "cve": "CVE-2016-3722", "discovery_date": "2016-05-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1335416" } ], "notes": [ { "category": "description", "text": "Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with multiple accounts to cause a denial of service (unable to login) by editing the \"full name.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Malicious users with multiple user accounts can prevent other users from logging in (SECURITY-243)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.noarch", "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.src", "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src", "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64", "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.noarch", "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.src", "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src", "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-3722" }, { "category": "external", "summary": "RHBZ#1335416", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335416" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-3722", "url": "https://www.cve.org/CVERecord?id=CVE-2016-3722" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3722", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3722" }, { "category": "external", "summary": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11", "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11" } ], "release_date": "2016-05-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2016-06-06T19:06:23+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.noarch", "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.src", "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src", "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64", "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.noarch", "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.src", "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src", "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2016:1206" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P", "version": "2.0" }, "products": [ "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.noarch", "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.src", "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src", "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64", "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.noarch", "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.src", "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src", "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jenkins: Malicious users with multiple user accounts can prevent other users from logging in (SECURITY-243)" }, { "cve": "CVE-2016-3723", "discovery_date": "2016-05-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1335417" } ], "notes": [ { "category": "description", "text": "Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with read access to obtain sensitive plugin installation information by leveraging missing permissions checks in unspecified XML/JSON API endpoints.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Information on installed plugins exposed via API (SECURITY-250)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.noarch", "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.src", "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src", "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64", "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.noarch", "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.src", "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src", "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-3723" }, { "category": "external", "summary": "RHBZ#1335417", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335417" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-3723", "url": "https://www.cve.org/CVERecord?id=CVE-2016-3723" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3723", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3723" }, { "category": "external", "summary": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11", "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11" } ], "release_date": "2016-05-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2016-06-06T19:06:23+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.noarch", "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.src", "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src", "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64", "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.noarch", "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.src", "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src", "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2016:1206" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.noarch", "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.src", "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src", "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64", "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.noarch", "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.src", "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src", "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins: Information on installed plugins exposed via API (SECURITY-250)" }, { "cve": "CVE-2016-3724", "discovery_date": "2016-05-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1335418" } ], "notes": [ { "category": "description", "text": "Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with extended read access to obtain sensitive password information by reading a job configuration.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Encrypted secrets (e.g. passwords) were leaked to users with permission to read configuration (SECURITY-266)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.noarch", "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.src", "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src", "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64", "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.noarch", "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.src", "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src", "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-3724" }, { "category": "external", "summary": "RHBZ#1335418", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335418" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-3724", "url": "https://www.cve.org/CVERecord?id=CVE-2016-3724" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3724", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3724" }, { "category": "external", "summary": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11", "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11" } ], "release_date": "2016-05-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2016-06-06T19:06:23+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.noarch", "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.src", "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src", "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64", "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.noarch", "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.src", "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src", "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2016:1206" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "products": [ "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.noarch", "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.src", "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src", "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64", "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.noarch", "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.src", "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src", "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins: Encrypted secrets (e.g. passwords) were leaked to users with permission to read configuration (SECURITY-266)" }, { "cve": "CVE-2016-3725", "discovery_date": "2016-05-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1335420" } ], "notes": [ { "category": "description", "text": "Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permissions check. NOTE: this issue can be combined with DNS cache poisoning to cause a denial of service (service disruption).", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Regular users can trigger download of update site metadata (SECURITY-273)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.noarch", "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.src", "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src", "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64", "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.noarch", "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.src", "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src", "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-3725" }, { "category": "external", "summary": "RHBZ#1335420", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335420" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-3725", "url": "https://www.cve.org/CVERecord?id=CVE-2016-3725" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3725", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3725" }, { "category": "external", "summary": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11", "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11" } ], "release_date": "2016-05-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2016-06-06T19:06:23+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.noarch", "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.src", "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src", "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64", "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.noarch", "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.src", "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src", "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2016:1206" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P", "version": "2.0" }, "products": [ "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.noarch", "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.src", "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src", "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64", "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.noarch", "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.src", "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src", "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jenkins: Regular users can trigger download of update site metadata (SECURITY-273)" }, { "cve": "CVE-2016-3726", "discovery_date": "2016-05-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1335421" } ], "notes": [ { "category": "description", "text": "Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to \"scheme-relative\" URLs.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Open redirect to scheme-relative URLs (SECURITY-276)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.noarch", "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.src", "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src", "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64", "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.noarch", "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.src", "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src", "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-3726" }, { "category": "external", "summary": "RHBZ#1335421", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335421" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-3726", "url": "https://www.cve.org/CVERecord?id=CVE-2016-3726" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3726", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3726" }, { "category": "external", "summary": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11", "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11" } ], "release_date": "2016-05-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2016-06-06T19:06:23+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.noarch", "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.src", "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src", "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64", "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.noarch", "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.src", "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src", "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2016:1206" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "products": [ "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.noarch", "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.src", "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src", "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64", "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.noarch", "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.src", "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src", "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins: Open redirect to scheme-relative URLs (SECURITY-276)" }, { "cve": "CVE-2016-3727", "discovery_date": "2016-05-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1335422" } ], "notes": [ { "category": "description", "text": "The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Granting the permission to read node configurations allows access to overall system configuration (SECURITY-281)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.noarch", "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.src", "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src", "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64", "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.noarch", "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.src", "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src", "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-3727" }, { "category": "external", "summary": "RHBZ#1335422", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335422" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-3727", "url": "https://www.cve.org/CVERecord?id=CVE-2016-3727" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3727", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3727" }, { "category": "external", "summary": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11", "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11" } ], "release_date": "2016-05-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2016-06-06T19:06:23+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.noarch", "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.src", "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src", "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64", "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.noarch", "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.src", "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src", "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2016:1206" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "products": [ "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.noarch", "7Server-RH7-RHOSE-3.1:jenkins-0:1.651.2-1.el7.src", "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src", "7Server-RH7-RHOSE-3.1:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64", "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.noarch", "7Server-RH7-RHOSE-3.2:jenkins-0:1.651.2-1.el7.src", "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.src", "7Server-RH7-RHOSE-3.2:jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins: Granting the permission to read node configurations allows access to overall system configuration (SECURITY-281)" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.