[Bug 1747293] New: CVE-2019-08-29 jenkins:stored cross-site scripting in update center web pages (SECURITY-1453)
11:31 p.m.
https://bugzilla.redhat.com/show_bug.cgi?id=1747293
Bug ID: 1747293
Summary: CVE-2019-08-29 jenkins:stored cross-site scripting in
update center web pages (SECURITY-1453)
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: darunesh(a)redhat.com
CC: abenaiss(a)redhat.com, adam.kaplan(a)redhat.com,
ahardin(a)redhat.com, aos-bugs(a)redhat.com,
bleanhar(a)redhat.com, ccoleman(a)redhat.com,
dedgar(a)redhat.com, eparis(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jgoulding(a)redhat.com, jokerman(a)redhat.com,
mchappel(a)redhat.com, mizdebsk(a)redhat.com,
msrb(a)redhat.com, vbobade(a)redhat.com, wzheng(a)redhat.com
Target Milestone: ---
Classification: Other
A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS
2.176.2 and earlier allowed attackers with Overall/Administer permission to
configure the update site URL to inject arbitrary HTML and JavaScript in update
center web pages.
Reference:
http://www.openwall.com/lists/oss-security/2019/08/28/4
--
You are receiving this mail because:
You are on the CC list for the bug.
11:31 p.m.
New subject: [Bug 1747293] CVE-2019-08-29 jenkins:stored cross-site scripting in update center web pages (SECURITY-1453)
https://bugzilla.redhat.com/show_bug.cgi?id=1747293
Dhananjay Arunesh <darunesh(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On| |1747294
--- Comment #1 from Dhananjay Arunesh <darunesh(a)redhat.com> ---
Created jenkins tracking bugs for this issue:
Affects: fedora-all [bug 1747294]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1747294
[Bug 1747294] jenkins: CVE-2019-08-29 jenkins:stored cross-site scripting in
update center web pages (SECURITY-1453) [fedora-all]
--
You are receiving this mail because:
You are on the CC list for the bug.
11:32 p.m.
New subject: [Bug 1747293] CVE-2019-10383 -29 jenkins:stored cross-site scripting in update center web pages (SECURITY-1453)
https://bugzilla.redhat.com/show_bug.cgi?id=1747293
Dhananjay Arunesh <darunesh(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|CVE-2019-10383 -29 |CVE-2019-10383 jenkins:
|jenkins:stored cross-site |stored cross-site scripting
|scripting in update center |in update center web pages
|web pages (SECURITY-1453) |(SECURITY-1453)
--
You are receiving this mail because:
You are on the CC list for the bug.
11:32 p.m.
New subject: [Bug 1747293] CVE-2019-10383 -29 jenkins:stored cross-site scripting in update center web pages (SECURITY-1453)
https://bugzilla.redhat.com/show_bug.cgi?id=1747293
Dhananjay Arunesh <darunesh(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|CVE-2019-08-29 |CVE-2019-10383 -29
|jenkins:stored cross-site |jenkins:stored cross-site
|scripting in update center |scripting in update center
|web pages (SECURITY-1453) |web pages (SECURITY-1453)
Alias|CVE-2019-08-29 |CVE-2019-10383
--
You are receiving this mail because:
You are on the CC list for the bug.
11:52 p.m.
New subject: [Bug 1747293] CVE-2019-10383 jenkins: stored cross-site scripting in update center web pages (SECURITY-1453)
https://bugzilla.redhat.com/show_bug.cgi?id=1747293
--- Comment #2 from Dhananjay Arunesh <darunesh(a)redhat.com> ---
External References:
https://jenkins.io/security/advisory/2019-08-28/#SECURITY-1453
--
You are receiving this mail because:
You are on the CC list for the bug.
11:59 p.m.
New subject: [Bug 1747293] CVE-2019-10383 jenkins: stored cross-site scripting in update center web pages (SECURITY-1453)
https://bugzilla.redhat.com/show_bug.cgi?id=1747293
Dhananjay Arunesh <darunesh(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |1747299
--
You are receiving this mail because:
You are on the CC list for the bug.
12:06 a.m.
New subject: [Bug 1747293] CVE-2019-10383 jenkins: stored cross-site scripting in update center web pages (SECURITY-1453)
https://bugzilla.redhat.com/show_bug.cgi?id=1747293
Sam Fowler <sfowler(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On| |1747304
--
You are receiving this mail because:
You are on the CC list for the bug.
12:07 a.m.
New subject: [Bug 1747293] CVE-2019-10383 jenkins: stored cross-site scripting in update center web pages (SECURITY-1453)
https://bugzilla.redhat.com/show_bug.cgi?id=1747293
Sam Fowler <sfowler(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On| |1747303
--
You are receiving this mail because:
You are on the CC list for the bug.
12:07 a.m.
New subject: [Bug 1747293] CVE-2019-10383 jenkins: stored cross-site scripting in update center web pages (SECURITY-1453)
https://bugzilla.redhat.com/show_bug.cgi?id=1747293
Sam Fowler <sfowler(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On| |1747302
--
You are receiving this mail because:
You are on the CC list for the bug.
12:15 a.m.
New subject: [Bug 1747293] CVE-2019-10383 jenkins: stored cross-site scripting in update center web pages (SECURITY-1453)
https://bugzilla.redhat.com/show_bug.cgi?id=1747293
--- Comment #3 from Sam Fowler <sfowler(a)redhat.com> ---
"Any security advisory related updates to Jenkins core or the plugins we
include in the OpenShift Jenkins master image will only occur in the v3.11 and
v4.x branches of this repository."
https://github.com/openshift/jenkins/blob/master/README.md#jenkins-securi...
--
You are receiving this mail because:
You are on the CC list for the bug.
3:22 a.m.
New subject: [Bug 1747293] CVE-2019-10383 jenkins: stored cross-site scripting in update center web pages (SECURITY-1453)
https://bugzilla.redhat.com/show_bug.cgi?id=1747293
--- Comment #4 from Akram Ben Aissi <abenaiss(a)redhat.com> ---
Thank you for opening this bug with us.
We are updating Jenkins to 2.176.3 based on
https://bugzilla.redhat.com/show_bug.cgi?id=1747303
As you can see https://github.com/openshift/jenkins/pull/917 is merged into the
3.11 branch, you can expect the release for this byt End of Next week.
--
You are receiving this mail because:
You are on the CC list for the bug.
5:16 a.m.
New subject: [Bug 1747293] CVE-2019-10383 jenkins: stored cross-site scripting in update center web pages (SECURITY-1453)
https://bugzilla.redhat.com/show_bug.cgi?id=1747293
--- Comment #5 from errata-xmlrpc <errata-xmlrpc(a)redhat.com> ---
This issue has been addressed in the following products:
Red Hat OpenShift Container Platform 4.1
Via RHSA-2019:2789 https://access.redhat.com/errata/RHSA-2019:2789
--
You are receiving this mail because:
You are on the CC list for the bug.
5:16 a.m.
New subject: [Bug 1747293] CVE-2019-10383 jenkins: stored cross-site scripting in update center web pages (SECURITY-1453)
https://bugzilla.redhat.com/show_bug.cgi?id=1747293
errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Link ID| |Red Hat Product Errata
| |RHSA-2019:2789
--
You are receiving this mail because:
You are on the CC list for the bug.
7:45 a.m.
New subject: [Bug 1747293] CVE-2019-10383 jenkins: stored cross-site scripting in update center web pages (SECURITY-1453)
https://bugzilla.redhat.com/show_bug.cgi?id=1747293
Product Security DevOps Team <prodsec-dev(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |CLOSED
Resolution|--- |ERRATA
Last Closed| |2019-09-20 12:45:35
--- Comment #6 from Product Security DevOps Team <prodsec-dev(a)redhat.com> ---
This bug is now closed. Further updates for individual products will be
reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2019-10383
--
You are receiving this mail because:
You are on the CC list for the bug.
8:34 p.m.
New subject: [Bug 1747293] CVE-2019-10383 jenkins: stored cross-site scripting in update center web pages (SECURITY-1453)
https://bugzilla.redhat.com/show_bug.cgi?id=1747293
--- Comment #7 from errata-xmlrpc <errata-xmlrpc(a)redhat.com> ---
This issue has been addressed in the following products:
Red Hat OpenShift Container Platform 3.11
Via RHSA-2019:3144 https://access.redhat.com/errata/RHSA-2019:3144
--
You are receiving this mail because:
You are on the CC list for the bug.
8:34 p.m.
New subject: [Bug 1747293] CVE-2019-10383 jenkins: stored cross-site scripting in update center web pages (SECURITY-1453)
https://bugzilla.redhat.com/show_bug.cgi?id=1747293
errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Link ID| |Red Hat Product Errata
| |RHSA-2019:3144
--
You are receiving this mail because:
You are on the CC list for the bug.
11:50 a.m.
New subject: [Bug 1747293] CVE-2019-10383 jenkins: stored cross-site scripting in update center web pages (SECURITY-1453)
https://bugzilla.redhat.com/show_bug.cgi?id=1747293
Bug 1747293 depends on bug 1747294, which changed state.
Bug 1747294 Summary: CVE-2019-10383 jenkins: stored cross-site scripting in update center
web pages (SECURITY-1453) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1747294
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |CLOSED
Resolution|--- |EOL
--
You are receiving this mail because:
You are on the CC list for the bug.
1429
days inactive
1699
days old
java-sig-commits@lists.fedoraproject.org
16 comments
1 participants
participants (1)
-
bugzilla@redhat.com