Jenkins Multiple Security Vulnerabilities

Jenkins is prone to the following vulnerabilities:

1. An unauthorized-access vulnerability
2. A cross-site request forgery vulnerability

An attacker may leverage these issues to execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials and gain unauthorized access to the affected application. This may aid in further attacks.

The following product versions are vulnerable:

Jenkins weekly 2.185 and prior
Jenkins LTS 2.176.1 and prior


 

Copyright 2010, SecurityFocus