https://bugzilla.redhat.com/show_bug.cgi?id=1501813
Bug ID: 1501813
Summary: jenkins: Jenkins core bundled vulnerable version of the commons-fileupload library (SECURITY-490)
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team@redhat.com
Reporter: amaris@redhat.com
CC: bleanhar@redhat.com, ccoleman@redhat.com, dedgar@redhat.com, dmcphers@redhat.com, java-sig-commits@lists.fedoraproject.org, jgoulding@redhat.com, jkeck@redhat.com, kseifried@redhat.com, mizdebsk@redhat.com, msrb@redhat.com

Jenkins bundled a version of the commons-fileupload library with the denial-of-service vulnerability known as CVE-2016-3092.
External References:
https://jenkins.io/security/advisory/2017-10-11/