https://bugzilla.redhat.com/show_bug.cgi?id=1747293
Bug ID: 1747293
Summary: CVE-2019-08-29 jenkins: stored cross-site scripting in
update center web pages (SECURITY-1453)
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: darunesh(a)redhat.com
CC: abenaiss(a)redhat.com, adam.kaplan(a)redhat.com,
ahardin(a)redhat.com, aos-bugs(a)redhat.com,
bleanhar(a)redhat.com, ccoleman(a)redhat.com,
dedgar(a)redhat.com, eparis(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jgoulding(a)redhat.com, jokerman(a)redhat.com,
mchappel(a)redhat.com, mizdebsk(a)redhat.com,
msrb(a)redhat.com, vbobade(a)redhat.com, wzheng(a)redhat.com
Target Milestone: ---
Classification: Other

A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS
2.176.2 and earlier allowed attackers with Overall/Administer permission to
configure the update site URL to inject arbitrary HTML and JavaScript in update
center web pages.

Reference:
http://www.openwall.com/lists/oss-security/2019/08/28/4