Red Hat Security Advisory: Red Hat OpenShift Enterprise 3.1.1 bug fix and enhancement update
🔗 CVE IDs covered (33)
📋 Description
CVE-2013-2186 — commons-fileupload: Arbitrary file upload via deserialization CVE-2014-1869 — stapler-adjunct-zeroclipboard: multiple cross-site scripting (XSS) flaws CVE-2014-3661 — jenkins: denial of service (SECURITY-87) CVE-2014-3662 — jenkins: username discovery (SECURITY-110) CVE-2014-3663 — jenkins: job configuration issues (SECURITY-127, SECURITY-128) CVE-2014-3664 — jenkins: directory traversal flaw (SECURITY-131) CVE-2014-3666 — jenkins: remote code execution flaw (SECURITY-150) CVE-2014-3667 — jenkins: plug-in code can be downloaded by anyone with read access (SECURITY-155) CVE-2014-3680 — jenkins: password exposure in DOM (SECURITY-138) CVE-2014-3681 — jenkins: cross-site scripting flaw in Jenkins core (SECURITY-143) CVE-2015-1806 — jenkins: Combination filter Groovy script unsecured (SECURITY-125) CVE-2015-1807 — jenkins: directory traversal from artifacts via symlink (SECURITY-162) CVE-2015-1808 — jenkins: update center metadata retrieval DoS attack (SECURITY-163) CVE-2015-1810 — jenkins: HudsonPrivateSecurityRealm allows creation of reserved names (SECURITY-166) CVE-2015-1812 — jenkins: Reflective XSS vulnerability (SECURITY-171, SECURITY-177) CVE-2015-1813 — jenkins: Reflective XSS vulnerability (SECURITY-171, SECURITY-177) CVE-2015-1814 — jenkins: forced API token change (SECURITY-180) CVE-2015-5317 — jenkins: Project name disclosure via fingerprints (SECURITY-153) CVE-2015-5318 — jenkins: Public value used for CSRF protection salt (SECURITY-169) CVE-2015-5319 — jenkins: XXE injection into job configurations via CLI (SECURITY-173) CVE-2015-5320 — jenkins: Secret key not verified when connecting a slave (SECURITY-184) CVE-2015-5321 — jenkins: Information disclosure via sidepanel (SECURITY-192) CVE-2015-5322 — jenkins: Local file inclusion vulnerability (SECURITY-195) CVE-2015-5323 — jenkins: API tokens of other users available to admins (SECURITY-200) CVE-2015-5324 — jenkins: Queue API did show items not visible to the current user (SECURITY-186) CVE-2015-5325 — jenkins: JNLP slaves not subject to slave-to-master access control (SECURITY-206) CVE-2015-5326 — jenkins: Stored XSS vulnerability in slave offline status message (SECURITY-214) CVE-2015-7537 — jenkins: CSRF vulnerability in some administrative actions (SECURITY-225) CVE-2015-7538 — jenkins: CSRF protection ineffective (SECURITY-233) CVE-2015-7539 — jenkins: Jenkins plugin manager vulnerable to MITM attacks (SECURITY-234) CVE-2015-8103 — jenkins: Remote code execution vulnerability due to unsafe deserialization in Jenkins remoting (SECURITY-218) CVE-2016-1905 — server: patch operation should use patched object to check admission control CVE-2016-1906 — server: build config to a strategy that isn't allowed by policy
🔗 References (70)
- selfhttps://access.redhat.com/errata/RHSA-2016:0070
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=974814
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1063099
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1147758
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1147759
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1147764
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1147765
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1147766
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1147769
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1147770
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1148645
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1205615
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1205616
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1205620
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1205622
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1205623
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1205627
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1243514
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1247523
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1254880
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1256869
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1268478
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1273739
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1277329
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1277383
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1277608
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1278232
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1278630
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1279404
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1279744
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1279925
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1280216
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1280497
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1282359
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1282361
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1282362
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1282363
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1282364
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1282365
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1282366
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1282367
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1282368
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1282369
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1282371
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1282426
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1282738
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1283952
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1284506
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1287414
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1287943
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1288014
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1289603
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1289965
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1290643
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1290967
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1291795
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1291797
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1291798
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1292621
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1293251
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1293252
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1293829
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1293877
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1294115
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1294798
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1296457
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1297910
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1297916
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_0070.json