[Bug 1819198] New: CVE-2020-2161 jenkins: XSS in job configuration pages

List overview All Threads
Download

newer

older

[Bug 1887258] New: CVE-2020-26945...

[Bug 1819222] New: CVE-2020-2163...

bugzilla＠redhat.com

31 Mar 2020 31 Mar '20

2:58 p.m.

https://bugzilla.redhat.com/show_bug.cgi?id=1819198

Bug ID: 1819198 Summary: CVE-2020-2161 jenkins: XSS in job configuration pages Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team@redhat.com Reporter: darunesh@redhat.com CC: abenaiss@redhat.com, aos-bugs@redhat.com, bmontgom@redhat.com, eparis@redhat.com, extras-orphan@fedoraproject.org, java-sig-commits@lists.fedoraproject.org, jburrell@redhat.com, jokerman@redhat.com, mizdebsk@redhat.com, msrb@redhat.com, nstielau@redhat.com, pbhattac@redhat.com, sponnaga@redhat.com, vbobade@redhat.com Target Milestone: --- Classification: Other

A vulnerability was found in Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not properly escape node labels that are shown in the form validation for label expressions on job configuration pages, resulting in a stored XSS vulnerability exploitable by users able to define node labels.

Reference: http://www.openwall.com/lists/oss-security/2020/03/25/2

-- You are receiving this mail because: You are on the CC list for the bug.

Show replies by date

bugzilla＠redhat.com

31 Mar 31 Mar

2:59 p.m.

New subject: [Bug 1819198] CVE-2020-2161 jenkins: XSS in job configuration pages

https://bugzilla.redhat.com/show_bug.cgi?id=1819198

Dhananjay Arunesh darunesh@redhat.com changed:

What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1819199

Referenced Bugs:

https://bugzilla.redhat.com/show_bug.cgi?id=1819199 [Bug 1819199] CVE-2020-2161 jenkins: XSS in job configuration pages [fedora-all]

-- You are receiving this mail because: You are on the CC list for the bug.

bugzilla＠redhat.com

2:59 p.m.

New subject: [Bug 1819198] CVE-2020-2161 jenkins: XSS in job configuration pages

https://bugzilla.redhat.com/show_bug.cgi?id=1819198

--- Comment #1 from Dhananjay Arunesh darunesh@redhat.com --- Created jenkins tracking bugs for this issue:

Affects: fedora-all [bug 1819199]

-- You are receiving this mail because: You are on the CC list for the bug.

bugzilla＠redhat.com

2:59 p.m.

New subject: [Bug 1819198] CVE-2020-2161 jenkins: XSS in job configuration pages

https://bugzilla.redhat.com/show_bug.cgi?id=1819198

Dhananjay Arunesh darunesh@redhat.com changed:

What |Removed |Added ---------------------------------------------------------------------------- Blocks| |1819191

-- You are receiving this mail because: You are on the CC list for the bug.

bugzilla＠redhat.com

1 Apr 1 Apr

3:22 a.m.

New subject: [Bug 1819198] CVE-2020-2161 jenkins: XSS in job configuration pages

https://bugzilla.redhat.com/show_bug.cgi?id=1819198

Sam Fowler sfowler@redhat.com changed:

-- You are receiving this mail because: You are on the CC list for the bug.

bugzilla＠redhat.com

3:22 a.m.

New subject: [Bug 1819198] CVE-2020-2161 jenkins: XSS in job configuration pages

https://bugzilla.redhat.com/show_bug.cgi?id=1819198

--- Comment #2 from Sam Fowler sfowler@redhat.com --- External References:

https://jenkins.io/security/advisory/2020-03-25/#SECURITY-1781

-- You are receiving this mail because: You are on the CC list for the bug.

bugzilla＠redhat.com

3:55 a.m.

New subject: [Bug 1819198] CVE-2020-2161 jenkins: XSS in job configuration pages

https://bugzilla.redhat.com/show_bug.cgi?id=1819198

Sam Fowler sfowler@redhat.com changed:

What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1819499, 1819508, 1819504

-- You are receiving this mail because: You are on the CC list for the bug.

bugzilla＠redhat.com

5:34 a.m.

New subject: [Bug 1819198] CVE-2020-2161 jenkins: XSS in job configuration pages

https://bugzilla.redhat.com/show_bug.cgi?id=1819198

Sam Fowler sfowler@redhat.com changed:

What |Removed |Added ---------------------------------------------------------------------------- Depends On|1819504 |

-- You are receiving this mail because: You are on the CC list for the bug.

bugzilla＠redhat.com

5:35 a.m.

New subject: [Bug 1819198] CVE-2020-2161 jenkins: XSS in job configuration pages

https://bugzilla.redhat.com/show_bug.cgi?id=1819198

Sam Fowler sfowler@redhat.com changed:

What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1819501

-- You are receiving this mail because: You are on the CC list for the bug.

bugzilla＠redhat.com

5:40 a.m.

New subject: [Bug 1819198] CVE-2020-2161 jenkins: XSS in job configuration pages

https://bugzilla.redhat.com/show_bug.cgi?id=1819198

Sam Fowler sfowler@redhat.com changed:

What |Removed |Added ---------------------------------------------------------------------------- Depends On|1819499 |

-- You are receiving this mail because: You are on the CC list for the bug.

bugzilla＠redhat.com

5:41 a.m.

New subject: [Bug 1819198] CVE-2020-2161 jenkins: XSS in job configuration pages

https://bugzilla.redhat.com/show_bug.cgi?id=1819198

Sam Fowler sfowler@redhat.com changed:

What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1819497

-- You are receiving this mail because: You are on the CC list for the bug.

bugzilla＠redhat.com

5:44 a.m.

New subject: [Bug 1819198] CVE-2020-2161 jenkins: XSS in job configuration pages

https://bugzilla.redhat.com/show_bug.cgi?id=1819198

Sam Fowler sfowler@redhat.com changed:

What |Removed |Added ---------------------------------------------------------------------------- Depends On|1819508 |

-- You are receiving this mail because: You are on the CC list for the bug.

bugzilla＠redhat.com

5:45 a.m.

New subject: [Bug 1819198] CVE-2020-2161 jenkins: XSS in job configuration pages

https://bugzilla.redhat.com/show_bug.cgi?id=1819198

Sam Fowler sfowler@redhat.com changed:

What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1819505

-- You are receiving this mail because: You are on the CC list for the bug.

bugzilla＠redhat.com

2 Apr 2 Apr

6:46 a.m.

New subject: [Bug 1819198] CVE-2020-2161 jenkins: XSS in job configuration pages

https://bugzilla.redhat.com/show_bug.cgi?id=1819198

Sam Fowler sfowler@redhat.com changed:

What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1820018, 1820017

-- You are receiving this mail because: You are on the CC list for the bug.

bugzilla＠redhat.com

27 Aug 27 Aug

4:52 p.m.

New subject: [Bug 1819198] CVE-2020-2161 jenkins: XSS in job configuration pages

https://bugzilla.redhat.com/show_bug.cgi?id=1819198

Vikas Laad vlaad@redhat.com changed:

What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1873174

-- You are receiving this mail because: You are on the CC list for the bug.

bugzilla＠redhat.com

12 Oct 12 Oct

11:07 a.m.

New subject: [Bug 1819198] CVE-2020-2161 jenkins: XSS in job configuration pages

https://bugzilla.redhat.com/show_bug.cgi?id=1819198

jawed jkhelil@redhat.com changed:

What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1877292

-- You are receiving this mail because: You are on the CC list for the bug.

bugzilla＠redhat.com

24 Nov 24 Nov

8:32 p.m.

New subject: [Bug 1819198] CVE-2020-2161 jenkins: XSS in job configuration pages

https://bugzilla.redhat.com/show_bug.cgi?id=1819198 Bug 1819198 depends on bug 1819199, which changed state.

Bug 1819199 Summary: CVE-2020-2161 jenkins: XSS in job configuration pages [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1819199

What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |EOL

-- You are receiving this mail because: You are on the CC list for the bug.

1315

Age (days ago)

1553

Last active (days ago)

java-sig-commits@lists.fedoraproject.org

16 comments

1 participants

tags (0)

participants (1)

bugzilla＠redhat.com