Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
Date: Mon, 20 Jan 2014 10:31:41 +1100
From: Murray McAllister <>
CC: Reed Loden <>, Kurt Seifried <>
Subject: Re: CVE-2013-6488: Jenkins fails to sanitize input
 before adding it to the page

On 01/17/2014 05:39 PM, Reed Loden wrote:
> On Fri, 17 Jan 2014 13:02:03 +1100
> Murray McAllister <> wrote:
>> We recently received a report from Teguh P. Alko about an issue
>> affecting Jenkins. Input was not sanitized before adding it to the page.
>> The fix is public here since the start of 2013:
> is the security advisory that includes the above fix.
>> This could be used for copy and paste attacks, with the end result being
>> similar to that of cross-site scripting attacks. It has been assigned
>> CVE-2013-6488.
> Fairly sure that's just a dupe of CVE-2013-0328. See

It is a dupe :( Thanks for pointing this out.

Murray McAllister / Red Hat Security Response Team
