First published: Thu May 12 2016(Updated: )
Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permissions check. NOTE: this issue can be combined with DNS cache poisoning to cause a denial of service (service disruption).
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/Jenkins | <2.3 | 2.3 |
redhat/Jenkins | <1.651.2 | 1.651.2 |
Jenkins Jenkins | <=1.651.1 | |
Jenkins Jenkins | <=2.2 | |
Redhat Openshift | =3.1 | |
Redhat Openshift | =3.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.