Red Hat Bug Fix Advisory: Red Hat OpenShift Enterprise 2.1 jenkins-plugin-openshift bug fix update
🔗 CVE IDs covered (22)
📋 Description
CVE-2013-5573 — jenkins: default markup formatter permits offsite-bound forms (SECURITY-88) CVE-2013-6372 — Jenkins: insecure storage of passwords in Subversion plugin (SECURITY-58) CVE-2013-7330 — jenkins: configure a project you do not have access to (SECURITY-55) CVE-2014-2059 — jenkins: command line interface job creation directory traversal (SECURITY-108) CVE-2014-2060 — jenkins: session hijacking issue in Winstone (SECURITY-106) CVE-2014-2061 — jenkins: clear text password disclosure (SECURITY-93) CVE-2014-2062 — jenkins: user tokens not invalidated correctly (SECURITY-89) CVE-2014-2063 — jenkins: interface vulnerable to clickjacking attacks (SECURITY-80) CVE-2014-2064 — jenkins: failed log in attemps revealing if a user is valid or not (SECURITY-79) CVE-2014-2065 — jenkins: input validation issue (SECURITY-77) CVE-2014-2066 — jenkins: session fixation issue (SECURITY-75) CVE-2014-2067 — jenkins: stored cross-site scripting flaw (SECURITY-74) CVE-2014-2068 — jenkins: information leak via system diagnostic functionalities (SECURITY-73) CVE-2014-3661 — jenkins: denial of service (SECURITY-87) CVE-2014-3662 — jenkins: username discovery (SECURITY-110) CVE-2014-3663 — jenkins: job configuration issues (SECURITY-127, SECURITY-128) CVE-2014-3664 — jenkins: directory traversal flaw (SECURITY-131) CVE-2014-3665 — jenkins: remote code execution from slaves (SECURITY-144) CVE-2014-3666 — jenkins: remote code execution flaw (SECURITY-150) CVE-2014-3667 — jenkins: plug-in code can be downloaded by anyone with read access (SECURITY-155) CVE-2014-3678 — jenkins: cross-site scripting flaws in the monitoring plug-in (SECURITY-113) CVE-2014-3681 — jenkins: cross-site scripting flaw in Jenkins core (SECURITY-143)