First published: Wed Jul 17 2019
A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, and LTS 2.176.1 and earlier, allowed attackers to access view fragments directly, bypassing permission checks and possibly obtaining sensitive information.
Credit: jenkinsci-cert@googlegroups.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/jenkins weekly | <2.186 | 2.186 |
redhat/Jenkins LTS | <2.176.2 | 2.176.2 |
Jenkins Jenkins | <=2.176.1 | |
Jenkins Jenkins | <=2.185 | |
Redhat Openshift Container Platform | =3.11 | |
Redhat Openshift Container Platform | =4.1 | |
maven/org.kohsuke.stapler:stapler-parent | <1.257.1 | 1.257.1 |
maven/org.jenkins-ci.main:jenkins-core | >=2.177, <=2.185 | 2.186 |
maven/org.jenkins-ci.main:jenkins-core | <=2.176.1 | 2.176.2 |