Date: Sat, 18 Nov 2017 08:26:47 +0100 From: Daniel Beck <ml@...kweb.net> To: oss-security@...ts.openwall.com Subject: Re: Multiple vulnerabilities in Jenkins > On 8. Nov 2017, at 11:56, Daniel Beck <ml@...kweb.net> wrote: > > SECURITY-499 > Jenkins stores metadata related to "people", which encompasses actual user > accounts, as well as users appearing in SCM, in directories corresponding > to the user ID on disk. These directories used the user ID for their name > without additional escaping. This potentially resulted in a number of > problems, such as the following: > 1. User names consisting of a single forward slash would have their user > record stored in the parent directory; deleting this user deleted all user > records. > 2. User names containing character sequences such as .. could be used to > clobber other configuration files in Jenkins. > 3. User names could consist of reserved names such as COM (on Windows). CVE-2017-1000391 > SECURITY-641 > Autocompletion suggestions for text fields were not escaped, resulting in a > persisted cross-site scripting vulnerability if the source for the > suggestions allowed specifying text that includes HTML metacharacters like > less-than and greater-than characters. CVE-2017-1000392
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ