Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sat, 18 Nov 2017 08:26:47 +0100
From: Daniel Beck <>
Subject: Re: Multiple vulnerabilities in Jenkins

> On 8. Nov 2017, at 11:56, Daniel Beck <> wrote:
> Jenkins stores metadata related to "people", which encompasses actual user 
> accounts, as well as users appearing in SCM, in directories corresponding 
> to the user ID on disk. These directories used the user ID for their name 
> without additional escaping. This potentially resulted in a number of 
> problems, such as the following:
> 1. User names consisting of a single forward slash would have their user 
> record stored in the parent directory; deleting this user deleted all user 
> records.
> 2. User names containing character sequences such as .. could be used to 
> clobber other configuration files in Jenkins.
> 3. User names could consist of reserved names such as COM (on Windows).


> Autocompletion suggestions for text fields were not escaped, resulting in a 
> persisted cross-site scripting vulnerability if the source for the 
> suggestions allowed specifying text that includes HTML metacharacters like 
> less-than and greater-than characters.


Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ