Jenkins Security Advisory2017-11-16
This advisory announces vulnerabilities in
,
and
CloudBees CI
This advisory announces vulnerabilities in these Jenkins plugins:
Reflected Cross-Site Scripting vulnerability in Delivery Pipeline plugin
SECURITY-640 / CVE-2017-1000404
Delivery Pipeline Plugin used the unescaped content of the query parameter fullscreen in its JavaScript, resulting in a cross-site scripting vulnerability through specially crafted URLs.
The plugin now converts the value to a boolean (true/false) and inserts that into the page instead.
Note
Warning
Severity
- SECURITY-640: medium
The following plugin versions are affected:
- Delivery Pipeline Plugin up to and including 1.0.7
Fix
- Delivery Pipeline Plugin should be updated to version 1.0.8
These versions include fixes to the vulnerabilities described above. All prior versions are considered to be affected by these vulnerabilities unless otherwise indicated
Subscribe to
security alerts
Get notified automatically when new vulnerabilities are disclosed.
Subscription confirmed
You'll now be notified automatically when new vulnerabilities are disclosed