RETIRED: Jenkins Cross-Site Scripting, Security Bypass, and Denial of Service Vulnerabilities

Jenkins is prone to the following security vulnerabilities:

1. An unspecified cross-site scripting vulnerability
2. An unspecified security-bypass vulnerability
3. An unspecified denial-of-service vulnerability

An attacker may leverage these issues to cause denial-of-service conditions, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and steal cookie-based authentication credentials, or to bypass security restrictions and perform unauthorized actions. This may aid in launching other attacks.

Versions prior to Jenkins 1.480.3 and 1.502 are vulnerable.

This BID is being retired. The following individual records exist to better document the issues:

58726 Jenkins CVE-2013-0328 Unspecified Cross Site Scripting Vulnerability
58722 Jenkins CVE-2013-0330 Security Bypass Vulnerability
58721 Jenkins CVE-2013-0331 Denial Of Service Vulnerability


Copyright 2010, SecurityFocus