Ubuntu
jenkins package

Unauthenticated remote code execution 0-day in Jenkins CLI

Bug #1514758 reported by Marius Gedminas
262
This bug affects 1 person
Affects Status Importance Assigned to Milestone
jenkins (Ubuntu)
Expired
Undecided
Unassigned

CVE References

Marius Gedminas (mgedmin)
information type: Private Security → Public Security
Revision history for this message
Marius Gedminas (mgedmin) wrote :

A CVE number is pending: http://www.openwall.com/lists/oss-security/2015/11/09/5

Revision history for this message
Marius Gedminas (mgedmin) wrote :

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11

Revision history for this message
Tyler Hicks (tyhicks) wrote :

Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures

Changed in jenkins (Ubuntu):
status: New → Incomplete
Revision history for this message
Marius Gedminas (mgedmin) wrote :

This has been assigned CVE-2015-8103 in http://www.openwall.com/lists/oss-security/2015/11/18/2, but Launchpad thinks that's not a valid CVE number.

Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for jenkins (Ubuntu) because there has been no activity for 60 days.]

Changed in jenkins (Ubuntu):
status: Incomplete → Expired
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.