[Bug 1689873] New: CVE-2019-1003029 jenkins-plugin-script-security: sandbox bypass in script security plugin
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1689873
Bug ID: 1689873
Summary: CVE-2019-1003029 jenkins-plugin-script-security:
sandbox bypass in script security plugin
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Whiteboard: impact=important,public=20190306,reported=20190309,sou
rce=cve,cvss3=8.8/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H
/I:H/A:H,fedora-all/jenkins-script-security-plugin=aff
ected,openshift-enterprise-3.11/jenkins-2-plugins=affe
cted,openshift-enterprise-4.0/jenkins-2-plugins=affect
ed,openshift-enterprise-3.4/jenkins-plugin-script-secu
rity=affected,openshift-enterprise-3.5/jenkins-plugin-
script-security=affected,openshift-enterprise-3.6/jenk
ins-plugin-script-security=affected,openshift-enterpri
se-3.7/jenkins-plugin-script-security=affected,openshi
ft-enterprise-3.9/jenkins-plugin-script-security=affec
ted,openshift-enterprise-3.10/jenkins-plugin-script-se
curity=affected
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team(a)redhat.com
Reporter: darunesh(a)redhat.com
CC: ahardin(a)redhat.com, bleanhar(a)redhat.com,
ccoleman(a)redhat.com, dedgar(a)redhat.com,
eparis(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jgoulding(a)redhat.com, jokerman(a)redhat.com,
mchappel(a)redhat.com, mizdebsk(a)redhat.com,
msrb(a)redhat.com
Target Milestone: ---
Classification: Other
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53
and earlier in
src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java,
src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java
that allows attackers with Overall/Read permission to execute arbitrary code on
the Jenkins master JVM.
Reference:
https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1336%20
--
You are receiving this mail because:
You are on the CC list for the bug.
4 years
[Bug 1684556] New: CVE-2019-1003024 CVE-2019-1003024 jenkins-plugin-script-security: Sandbox Bypass in Script Security Plugin (SECURITY-1320)
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1684556
Bug ID: 1684556
Summary: CVE-2019-1003024 CVE-2019-1003024
jenkins-plugin-script-security: Sandbox Bypass in
Script Security Plugin (SECURITY-1320)
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Whiteboard: impact=important,public=20190219,reported=20190219,sou
rce=internet,cvss3=8.8/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:
U/C:H/I:H/A:H,cwe=CWE-96,openshift-enterprise-3.2/jenk
ins-plugin-script-security=wontfix,openshift-enterpris
e-3.3/jenkins-plugin-script-security=wontfix,openshift
-enterprise-3.4/jenkins-plugin-script-security=wontfix
,openshift-enterprise-3.5/jenkins-plugin-script-securi
ty=wontfix,openshift-enterprise-3.7/jenkins-plugin-scr
ipt-security=wontfix,openshift-enterprise-3.6/jenkins-
plugin-script-security=wontfix,openshift-enterprise-3.
9/jenkins-plugin-script-security=wontfix,openshift-ent
erprise-3.10/jenkins-plugin-script-security=wontfix,op
enshift-enterprise-3.11/jenkins-2-plugins=affected,fed
ora-all/jenkins-script-security-plugin=affected,opensh
ift-enterprise-4.0/jenkins-2-plugins=affected
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team(a)redhat.com
Reporter: anemec(a)redhat.com
CC: ahardin(a)redhat.com, bleanhar(a)redhat.com,
ccoleman(a)redhat.com, dedgar(a)redhat.com,
eparis(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jgoulding(a)redhat.com, jokerman(a)redhat.com,
mchappel(a)redhat.com, mizdebsk(a)redhat.com,
msrb(a)redhat.com
Target Milestone: ---
Classification: Other
The previously implemented script security sandbox protections prohibiting the
use of unsafe AST transforming annotations such as @Grab (2019-01-08 fix for
SECURITY-1266) could be circumvented through use of various Groovy language
features:
* Use of AnnotationCollector
* Import aliasing
* Referencing annotation types using their full class name
This allowed users with Overall/Read permission, or the ability to control
Jenkinsfile or sandboxed Pipeline shared library contents in SCM, to bypass the
sandbox protection and execute arbitrary code on the Jenkins master.
Using AnnotationCollector is now newly prohibited in sandboxed scripts such as
Pipelines. Importing any of the annotations considered unsafe will now result
in an error. During the compilation phase, both simple and full class names of
prohibited annotations are rejected for element annotations.
--
You are receiving this mail because:
You are on the CC list for the bug.
4 years
[Bug 1696012] New: CVE-2019-0222 activemq: Corrupt MQTT frame can cause broker shutdown
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1696012
Bug ID: 1696012
Summary: CVE-2019-0222 activemq: Corrupt MQTT frame can cause
broker shutdown
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Whiteboard: impact=moderate,public=20190327,reported=20190327,sour
ce=cve,cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/
I:N/A:H,fedora-all/activemq=affected,jbds-11/activemq=
new,amq-6/activemq=new,jdg-7/activemq-artemis=new,eap-
7/activemq-artemis=new,fsw-6/activemq=new,fuse-6/activ
emq=new,rhdm-7/activemq-artemis=new,fuse-7/activemq=ne
w,rhpam-7/activemq-artemis=new,rhev-m-4/eap7-activemq-
artemis=new,rhsso-7/activemq-artemis=new
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: psampaio(a)redhat.com
CC: agrimm(a)gmail.com, aileenc(a)redhat.com,
alazarot(a)redhat.com, anstephe(a)redhat.com,
bmaxwell(a)redhat.com, bmcclain(a)redhat.com,
cdewolf(a)redhat.com, chazlett(a)redhat.com,
csutherl(a)redhat.com, darran.lofthouse(a)redhat.com,
dblechte(a)redhat.com, dfediuck(a)redhat.com,
dimitris(a)redhat.com, dosoudil(a)redhat.com,
drieden(a)redhat.com, eedri(a)redhat.com,
etirelli(a)redhat.com, gvarsami(a)redhat.com,
ibek(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jawilson(a)redhat.com, jcoleman(a)redhat.com,
jshepherd(a)redhat.com, kconner(a)redhat.com,
krathod(a)redhat.com, kverlaen(a)redhat.com,
ldimaggi(a)redhat.com, lgao(a)redhat.com,
lpetrovi(a)redhat.com, mgoldboi(a)redhat.com,
michal.skrivanek(a)redhat.com, myarboro(a)redhat.com,
nwallace(a)redhat.com, paradhya(a)redhat.com,
pdrozd(a)redhat.com, pgier(a)redhat.com,
psakar(a)redhat.com, pslavice(a)redhat.com,
psotirop(a)redhat.com, puntogil(a)libero.it,
rnetuka(a)redhat.com, rrajasek(a)redhat.com,
rsvoboda(a)redhat.com, rsynek(a)redhat.com,
rwagner(a)redhat.com, rzhang(a)redhat.com,
sbonazzo(a)redhat.com, sdaley(a)redhat.com,
sherold(a)redhat.com, s(a)shk.io, sthorger(a)redhat.com,
tcunning(a)redhat.com, tdawson(a)redhat.com,
tkirby(a)redhat.com, twalsh(a)redhat.com,
vtunka(a)redhat.com
Target Milestone: ---
Classification: Other
In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to
broker Out of Memory exception making it unresponsive.
References:
http://activemq.apache.org/security-advisories.data/CVE-2019-0222-announc...
--
You are receiving this mail because:
You are on the CC list for the bug.
4 years
[Bug 1705993] New: CVE-2019-10247 jetty: error path information disclosure
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1705993
Bug ID: 1705993
Summary: CVE-2019-10247 jetty: error path information
disclosure
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Whiteboard: impact=moderate,public=20190418,reported=20190423,sour
ce=cve,cvss3=5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/
I:N/A:N,cwe=CWE-200,fedora-all/jetty=affected,fuse-6/j
etty=new,fuse-7/jetty=new,rhn_satellite_5/jetty=new,rh
scl-3/rh-java-common-jetty=new,rhel-6/jetty-eclipse=ne
w,rhel-7/jetty=new
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: darunesh(a)redhat.com
CC: aileenc(a)redhat.com, bkearney(a)redhat.com,
chazlett(a)redhat.com, decathorpe(a)gmail.com,
eclipse-sig(a)lists.fedoraproject.org,
ggainey(a)redhat.com, hhorak(a)redhat.com,
janstey(a)redhat.com, java-maint(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jjohnstn(a)redhat.com, jochrist(a)redhat.com,
jorton(a)redhat.com, krzysztof.daniel(a)gmail.com,
mizdebsk(a)redhat.com, sochotni(a)redhat.com,
stewardship-sig(a)lists.fedoraproject.org,
tlestach(a)redhat.com
Target Milestone: ---
Classification: Other
In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and
9.4.16 and older, the server running on any OS and Jetty version combination
will reveal the configured fully qualified directory base resource location on
the output of the 404 error for not finding a Context that matches the
requested path. The default server behavior on jetty-distribution and
jetty-home will include at the end of the Handler tree a DefaultHandler, which
is responsible for reporting this 404 error, it presents the various configured
contexts as HTML for users to click through to. This produced HTML includes
output that contains the configured fully qualified directory base resource
location for each context.
Reference:
https://bugs.eclipse.org/bugs/show_bug.cgi?id=546577
--
You are receiving this mail because:
You are on the CC list for the bug.
4 years
[Bug 1705924] New: CVE-2019-10241 jetty: using specially formatted URL against DefaultServlet or ResourceHandler leads to XSS conditions
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1705924
Bug ID: 1705924
Summary: CVE-2019-10241 jetty: using specially formatted URL
against DefaultServlet or ResourceHandler leads to XSS
conditions
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Whiteboard: impact=moderate,public=20190422,reported=20190423,sour
ce=cve,cvss3=4.7/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/
I:L/A:N,cwe=CWE-79,fedora-all/jetty=affected,rhel-6/je
tty-eclipse=new,rhel-7/jetty=new,fuse-6/jetty=new,fuse
-7/jetty=new,rhn_satellite_5/jetty=new,rhscl-3/rh-java
-common-jetty=new
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: mrehak(a)redhat.com
CC: aileenc(a)redhat.com, bkearney(a)redhat.com,
chazlett(a)redhat.com, decathorpe(a)gmail.com,
eclipse-sig(a)lists.fedoraproject.org,
ggainey(a)redhat.com, hhorak(a)redhat.com,
janstey(a)redhat.com, java-maint(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jjohnstn(a)redhat.com, jochrist(a)redhat.com,
jorton(a)redhat.com, krzysztof.daniel(a)gmail.com,
mizdebsk(a)redhat.com, sochotni(a)redhat.com,
stewardship-sig(a)lists.fedoraproject.org,
tlestach(a)redhat.com
Target Milestone: ---
Classification: Other
In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and
older, the server is vulnerable to XSS conditions if a remote client USES a
specially formatted URL against the DefaultServlet or ResourceHandler that is
configured for showing a Listing of directory contents.
External References:
https://bugs.eclipse.org/bugs/show_bug.cgi?id=546121
--
You are receiving this mail because:
You are on the CC list for the bug.
4 years
[Bug 1709860] New: CVE-2019-5427 c3p0: loading XML configuration leads to denial of service
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1709860
Bug ID: 1709860
Summary: CVE-2019-5427 c3p0: loading XML configuration leads to
denial of service
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Whiteboard: impact=moderate,public=20190417,reported=20190424,sour
ce=cve,cvss3=7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/
I:N/A:H,cwe=CWE-776,fedora-all/c3p0=affected,epel-7/c3
p0=affected,rhes-3/c3p0=new,rhpam-7/c3p0=new,fuse-6/c3
p0=new,fuse-7/c3p0=new,rhn_satellite_6/c3p0=new,jbews-
2/c3p0=new,rhn_satellite_5/c3p0=new,rhmap-4/c3p0=new,v
ertx-3/c3p0=new,soap-5/c3p0=new,bpms-6/c3p0=new
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: msiddiqu(a)redhat.com
CC: aileenc(a)redhat.com, akoufoud(a)redhat.com,
alazarot(a)redhat.com, almorale(a)redhat.com,
anstephe(a)redhat.com, avibelli(a)redhat.com,
bbuckingham(a)redhat.com, bcourt(a)redhat.com,
bgeorges(a)redhat.com, bkearney(a)redhat.com,
btotty(a)redhat.com, cbyrne(a)redhat.com,
chazlett(a)redhat.com, cmacedo(a)redhat.com,
csutherl(a)redhat.com, decathorpe(a)gmail.com,
dffrench(a)redhat.com, dingyichen(a)gmail.com,
drusso(a)redhat.com, etirelli(a)redhat.com,
ggainey(a)redhat.com, gvarsami(a)redhat.com,
gzaronik(a)redhat.com, hhudgeon(a)redhat.com,
ibek(a)redhat.com, janstey(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jbalunas(a)redhat.com, jclere(a)redhat.com,
jcoleman(a)redhat.com, jmadigan(a)redhat.com,
jochrist(a)redhat.com, jpallich(a)redhat.com,
jshepherd(a)redhat.com, kconner(a)redhat.com,
krathod(a)redhat.com, kverlaen(a)redhat.com,
ldimaggi(a)redhat.com, lef(a)fedoraproject.org,
lgao(a)redhat.com, lpetrovi(a)redhat.com,
lthon(a)redhat.com, mat.booth(a)redhat.com,
mbabacek(a)redhat.com, mmccune(a)redhat.com,
mnovotny(a)redhat.com, mszynkie(a)redhat.com,
myarboro(a)redhat.com, ngough(a)redhat.com,
nwallace(a)redhat.com, paradhya(a)redhat.com,
pgallagh(a)redhat.com, ppenicka(a)redhat.com,
pwright(a)redhat.com, rchan(a)redhat.com,
rjerrido(a)redhat.com, rrajasek(a)redhat.com,
rruss(a)redhat.com, rsynek(a)redhat.com,
rwagner(a)redhat.com, sdaley(a)redhat.com,
sisharma(a)redhat.com, smohan(a)redhat.com,
ssaha(a)redhat.com,
stewardship-sig(a)lists.fedoraproject.org,
tcunning(a)redhat.com, tkirby(a)redhat.com,
tlestach(a)redhat.com, trepel(a)redhat.com,
trogers(a)redhat.com, twalsh(a)redhat.com,
vbellur(a)redhat.com, weli(a)redhat.com
Target Milestone: ---
Classification: Other
c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading
XML configuration due to missing protections against recursive entity expansion
when loading configuration.
References:
https://hackerone.com/reports/509315
http://www.cvedetails.com/cve/CVE-2019-5427/
Upstream commit:
https://github.com/swaldman/c3p0/commit/f38f27635c384806c2a9d6500d80183d9...
--
You are receiving this mail because:
You are on the CC list for the bug.
4 years, 1 month
[Bug 1713215] New: CVE-2016-10750 hazelcast: java deserialization in join cluster procedure leading to remote code execution
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1713215
Bug ID: 1713215
Summary: CVE-2016-10750 hazelcast: java deserialization in join
cluster procedure leading to remote code execution
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Whiteboard: impact=important,public=20160426,reported=20190522,sou
rce=cve,cvss3=8.1/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H
/I:H/A:H,cwe=CWE-502,fedora-all/hazelcast=affected,fus
e-6/hazelcast=new,fuse-7/hazelcast=new
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team(a)redhat.com
Reporter: mrehak(a)redhat.com
CC: aileenc(a)redhat.com, chazlett(a)redhat.com,
janstey(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jochrist(a)redhat.com, puntogil(a)libero.it
Target Milestone: ---
Classification: Other
In Hazelcast before 3.11, the cluster join procedure is vulnerable to remote
code execution via Java deserialization.
Upstream issue:
https://github.com/hazelcast/hazelcast/issues/8024
Upstream pull:
https://github.com/hazelcast/hazelcast/pull/12230
--
You are receiving this mail because:
You are on the CC list for the bug.
4 years, 1 month
[Bug 1701056] New: CVE-2019-0232 tomcat: Remote Code Execution on Windows
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1701056
Bug ID: 1701056
Summary: CVE-2019-0232 tomcat: Remote Code Execution on Windows
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Whiteboard: impact=important,public=20190410,reported=20190416,sou
rce=cve,cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N
/I:N/A:H,cwe=CWE-20,fedora-all/tomcat=notaffected,rhsc
l-3/rh-java-common-tomcat=notaffected,bpms-6/tomcat=no
taffected,brms-6/tomcat=notaffected,epel-all/tomcat=no
taffected,brms-5/jbossweb=notaffected,eap-6/jbossweb=n
otaffected,eap-5/jbossweb=notaffected,jdg-6/jbossweb=n
otaffected,jdg-7/tomcat=notaffected,jdv-6/jbossweb=not
affected,fuse-6/tomcat=notaffected,fuse-7/tomcat=notaf
fected,fsw-6/jbossweb=notaffected,soap-5/jbossweb=nota
ffected,springboot-1/tomcat=notaffected,jbews-2/tomcat
6=new,jws-3/tomcat7=new,rhel-7/tomcat=notaffected,jbew
s-2/tomcat7=new,jws-3/tomcat8=new,rhel-6/tomcat6=notaf
fected,jon-3/jbossweb=notaffected,jws-5/tomcat=new,rhe
l-8/pki-deps:10.6/pki-servlet-container=notaffected
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team(a)redhat.com
Reporter: lpardo(a)redhat.com
CC: aileenc(a)redhat.com, alazarot(a)redhat.com,
alee(a)redhat.com, anstephe(a)redhat.com,
avibelli(a)redhat.com, bgeorges(a)redhat.com,
bmaxwell(a)redhat.com, cdewolf(a)redhat.com,
chazlett(a)redhat.com, cmoulliard(a)redhat.com,
coolsvap(a)gmail.com, csutherl(a)redhat.com,
darran.lofthouse(a)redhat.com, dimitris(a)redhat.com,
dosoudil(a)redhat.com, drieden(a)redhat.com,
etirelli(a)redhat.com, fgavrilo(a)redhat.com,
gvarsami(a)redhat.com, gzaronik(a)redhat.com,
hhorak(a)redhat.com, ibek(a)redhat.com,
ikanello(a)redhat.com, ivan.afonichev(a)gmail.com,
java-sig-commits(a)lists.fedoraproject.org,
jawilson(a)redhat.com, jbalunas(a)redhat.com,
jclere(a)redhat.com, jcoleman(a)redhat.com,
jdoyle(a)redhat.com, jochrist(a)redhat.com,
jolee(a)redhat.com, jondruse(a)redhat.com,
jorton(a)redhat.com, jpallich(a)redhat.com,
jschatte(a)redhat.com, jshepherd(a)redhat.com,
jstastny(a)redhat.com, kconner(a)redhat.com,
krathod(a)redhat.com, krzysztof.daniel(a)gmail.com,
kverlaen(a)redhat.com, ldimaggi(a)redhat.com,
lgao(a)redhat.com, loleary(a)redhat.com,
lpetrovi(a)redhat.com, lthon(a)redhat.com,
mbabacek(a)redhat.com, mizdebsk(a)redhat.com,
mszynkie(a)redhat.com, myarboro(a)redhat.com,
nwallace(a)redhat.com, paradhya(a)redhat.com,
pgallagh(a)redhat.com, pgier(a)redhat.com,
pjurak(a)redhat.com, ppalaga(a)redhat.com,
psakar(a)redhat.com, pslavice(a)redhat.com,
rhcs-maint(a)redhat.com, rnetuka(a)redhat.com,
rrajasek(a)redhat.com, rruss(a)redhat.com,
rstancel(a)redhat.com, rsvoboda(a)redhat.com,
rsynek(a)redhat.com, rwagner(a)redhat.com,
rzhang(a)redhat.com, sdaley(a)redhat.com,
spinder(a)redhat.com, tcunning(a)redhat.com,
theute(a)redhat.com, tkirby(a)redhat.com,
trogers(a)redhat.com, twalsh(a)redhat.com,
vhalbert(a)redhat.com, vtunka(a)redhat.com,
weli(a)redhat.com
Blocks: 1700240
Target Milestone: ---
Classification: Other
Blocks: 1700240
A vulnerability was found in in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to
8.5.39 and 7.0.0 to 7.0.93. When running on Windows with enableCmdLineArguments
enabled, the CGI Servlet is vulnerable to Remote Code Execution due to a bug in
the way the JRE passes command line arguments to Windows. The CGI Servlet is
disabled by default. The CGI option enableCmdLineArguments is disable by
default in Tomcat 9.0.x (and will be disabled by default in all versions in
response to this vulnerability).
References:
http://tomcat.apache.org/security-7.html
http://tomcat.apache.org/security-8.html
http://tomcat.apache.org/security-9.html
Upstream Patch:
https://github.com/apache/tomcat/commit/7f0221b
--
You are receiving this mail because:
You are on the CC list for the bug.
4 years, 1 month
[Bug 1698508] New: CVE-2019-11065 gradle: Insecure HTTP URL used to download dependencies leading to possibly maliciously compromised artifacts.
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1698508
Bug ID: 1698508
Summary: CVE-2019-11065 gradle: Insecure HTTP URL used to
download dependencies leading to possibly maliciously
compromised artifacts.
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Whiteboard: impact=important,public=20190409,reported=20190410,sou
rce=internet,cvss3=8.1/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:
U/C:H/I:H/A:N,cwe=CWE-345,fedora-28/gradle=affected,fe
dora-29/gradle=affected,epel-6/gradle=affected,jbews-3
/gradle=new
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team(a)redhat.com
Reporter: mrehak(a)redhat.com
CC: csutherl(a)redhat.com, dan(a)danieljamesscott.org,
gzaronik(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jclere(a)redhat.com, jjelen(a)redhat.com, lgao(a)redhat.com,
lkundrak(a)v3.sk, mbabacek(a)redhat.com,
mizdebsk(a)redhat.com, msimacek(a)redhat.com,
myarboro(a)redhat.com,
stewardship-sig(a)lists.fedoraproject.org,
twalsh(a)redhat.com, weli(a)redhat.com
Target Milestone: ---
Classification: Other
Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download
dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are
used. Dependency artifacts could have been maliciously compromised by a MITM
attack against the ajax.googleapis.com web site.
External Referencies:
https://nvd.nist.gov/vuln/detail/CVE-2019-11065
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11065
Upstream Repository:
https://github.com/gradle/gradle/pull/8927
--
You are receiving this mail because:
You are on the CC list for the bug.
4 years, 1 month
[Bug 1696034] New: CVE-2019-7611 elasticsearch: Improper permission issue when attaching a new name to an index
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1696034
Bug ID: 1696034
Summary: CVE-2019-7611 elasticsearch: Improper permission issue
when attaching a new name to an index
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Whiteboard: impact=moderate,public=20190219,reported=20190219,sour
ce=cve,cvss3=6.8/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/
I:H/A:N,cwe=CWE-285,openshift-enterprise-3.11/elastics
earch=new,openshift-enterprise-3.10/elasticsearch=new,
openshift-enterprise-3.9/elasticsearch=new,openshift-e
nterprise-3.7/elasticsearch=new,openshift-enterprise-3
.6/elasticsearch=new,openshift-enterprise-3.1/elastics
earch=new,openshift-enterprise-3.0/elasticsearch=new,o
penstack-8-optools/elasticsearch=new,openshift-enterpr
ise-3.5/elasticsearch=new,openshift-enterprise-3.4/ela
sticsearch=new,openshift-enterprise-3.3/elasticsearch=
new,openshift-enterprise-3.2/elasticsearch=new,opensta
ck-9-optools/elasticsearch=new,fedora-all/elasticsearc
h=affected,sam-1/elasticsearch=new,fuse-7/elasticsearc
h=new,rhdm-7/elasticsearch=new,fuse-6/elasticsearch=ne
w,rhpam-7/elasticsearch=new
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: psampaio(a)redhat.com
CC: ahardin(a)redhat.com, alazarot(a)redhat.com,
anstephe(a)redhat.com, bkearney(a)redhat.com,
bleanhar(a)redhat.com, bobjensen(a)gmail.com,
cbillett(a)redhat.com, ccoleman(a)redhat.com,
chazlett(a)redhat.com, dbecker(a)redhat.com,
dedgar(a)redhat.com, emmanuel(a)seyman.fr,
eparis(a)redhat.com, etirelli(a)redhat.com,
ibek(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jgoulding(a)redhat.com, jjoyce(a)redhat.com,
jokerman(a)redhat.com, jschluet(a)redhat.com,
jvanek(a)redhat.com, kbasil(a)redhat.com,
krathod(a)redhat.com, kverlaen(a)redhat.com,
lhh(a)redhat.com, lpeer(a)redhat.com, lpetrovi(a)redhat.com,
mburns(a)redhat.com, mchappel(a)redhat.com,
mmagr(a)redhat.com, pahan(a)hubbitus.info,
paradhya(a)redhat.com, rrajasek(a)redhat.com,
rsynek(a)redhat.com, rzhang(a)redhat.com,
sclewis(a)redhat.com, sdaley(a)redhat.com,
slinaber(a)redhat.com, tomckay(a)redhat.com,
zbyszek(a)in.waw.pl
Target Milestone: ---
Classification: Other
A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1
when Field Level Security and Document Level Security are disabled and the
_aliases, _shrink, or _split endpoints are used . If the elasticsearch.yml file
has xpack.security.dls_fls.enabled set to false, certain permission checks are
skipped when users perform one of the actions mentioned above, to make existing
data available under a new index/alias name. This could result in an attacker
gaining additional permissions against a restricted index.
References:
https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-upda...
--
You are receiving this mail because:
You are on the CC list for the bug.
4 years, 1 month