[Bug 1558848] New: CVE-2017-1000395 jenkins: "User" remote API disclosed users' email addresses (SECURITY-514) [fedora-all]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1558848
Bug ID: 1558848
Summary: CVE-2017-1000395 jenkins: "User" remote API disclosed
users' email addresses (SECURITY-514) [fedora-all]
Product: Fedora
Version: 27
Component: jenkins
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: msrb(a)redhat.com
Reporter: jshepherd(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, msrb(a)redhat.com
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 5 months
[Bug 1558858] New: CVE-2017-1000396 jenkins: Jenkins core bundled vulnerable version of the commons-httpclient library (SECURITY-555) [fedora-all]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1558858
Bug ID: 1558858
Summary: CVE-2017-1000396 jenkins: Jenkins core bundled
vulnerable version of the commons-httpclient library
(SECURITY-555) [fedora-all]
Product: Fedora
Version: 27
Component: jenkins
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: msrb(a)redhat.com
Reporter: jshepherd(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, msrb(a)redhat.com
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 5 months
[Bug 1558869] New: CVE-2017-1000401 jenkins: Form validation for password fields was sent via GET (SECURITY-616) [ fedora-all]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1558869
Bug ID: 1558869
Summary: CVE-2017-1000401 jenkins: Form validation for password
fields was sent via GET (SECURITY-616) [fedora-all]
Product: Fedora
Version: 27
Component: jenkins
Keywords: Security, SecurityTracking
Severity: low
Priority: low
Assignee: msrb(a)redhat.com
Reporter: jshepherd(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, msrb(a)redhat.com
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 5 months
[Bug 1558871] New: CVE-2017-1000400 jenkins: "Job" remote API disclosed information about inaccessible upstream/ downstream jobs (SECURITY-617) [fedora-all]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1558871
Bug ID: 1558871
Summary: CVE-2017-1000400 jenkins: "Job" remote API disclosed
information about inaccessible upstream/downstream
jobs (SECURITY-617) [fedora-all]
Product: Fedora
Version: 27
Component: jenkins
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: msrb(a)redhat.com
Reporter: jshepherd(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, msrb(a)redhat.com
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 5 months
[Bug 1561288] New: CVE-2018-8718 jenkins-mailer-plugin: jenkins-plugin-mailer: Missing permissions check in Mailer.java: doSendTestMail() allows unauthorised users to send mail [fedora-all]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1561288
Bug ID: 1561288
Summary: CVE-2018-8718 jenkins-mailer-plugin:
jenkins-plugin-mailer: Missing permissions check in
Mailer.java:doSendTestMail() allows unauthorised users
to send mail [fedora-all]
Product: Fedora
Version: 27
Component: jenkins-mailer-plugin
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: msrb(a)redhat.com
Reporter: sfowler(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, msrb(a)redhat.com
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 5 months
[Bug 1564358] New: CVE-2018-1284 hive: Mishandled input in UDFXPathUtil.java allows users to access arbitrary files via crafted XML [fedora-all]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1564358
Bug ID: 1564358
Summary: CVE-2018-1284 hive: Mishandled input in
UDFXPathUtil.java allows users to access arbitrary
files via crafted XML [fedora-all]
Product: Fedora
Version: 27
Component: hive
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: extras-orphan(a)fedoraproject.org
Reporter: sfowler(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: extras-orphan(a)fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
me(a)coolsvap.net, moceap(a)hotmail.com,
pmackinn(a)redhat.com
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 5 months
[Bug 1564362] New: CVE-2018-1282 hive: Improper input validation in jdbc/ HivePreparedStatement.java allows for SQL injection [fedora-all]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1564362
Bug ID: 1564362
Summary: CVE-2018-1282 hive: Improper input validation in
jdbc/HivePreparedStatement.java allows for SQL
injection [fedora-all]
Product: Fedora
Version: 27
Component: hive
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: extras-orphan(a)fedoraproject.org
Reporter: sfowler(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: extras-orphan(a)fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
me(a)coolsvap.net, moceap(a)hotmail.com,
pmackinn(a)redhat.com
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 5 months
[Bug 1564371] New: CVE-2018-1315 hive: 'COPY FROM FTP' feature allows malicious FTP server to write arbitrary files to the cluster [fedora-all]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1564371
Bug ID: 1564371
Summary: CVE-2018-1315 hive: 'COPY FROM FTP' feature allows
malicious FTP server to write arbitrary files to the
cluster [fedora-all]
Product: Fedora
Version: 27
Component: hive
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: extras-orphan(a)fedoraproject.org
Reporter: sfowler(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: extras-orphan(a)fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
me(a)coolsvap.net, moceap(a)hotmail.com,
pmackinn(a)redhat.com
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 5 months
[Bug 1565928] New: CVE-2018-1274 springframework-data-commons: spring-data-commons: Unlimited path depth in PropertyPath.java allow remote attackers to cause a denial of service [fedora-all]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1565928
Bug ID: 1565928
Summary: CVE-2018-1274 springframework-data-commons:
spring-data-commons: Unlimited path depth in
PropertyPath.java allow remote attackers to cause a
denial of service [fedora-all]
Product: Fedora
Version: 27
Component: springframework-data-commons
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: puntogil(a)libero.it
Reporter: sfowler(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
puntogil(a)libero.it
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 5 months
[Bug 1566955] New: jenkins: various flaws [fedora-all]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1566955
Bug ID: 1566955
Summary: jenkins: various flaws [fedora-all]
Product: Fedora
Version: 27
Component: jenkins
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: msrb(a)redhat.com
Reporter: amaris(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, msrb(a)redhat.com
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 5 months