XSS vulnerability in Jenkins error pages when running in standalone mode
Bug #889181 reported by James Page
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
jenkins (Ubuntu) | Fix Released | Undecided | James Page |
Oneiric | Fix Released | High | Unassigned |
Precise | Fix Released | Undecided | James Page |
jenkins-winstone (Ubuntu) | Fix Released | Undecided | Unassigned |
Oneiric | Fix Released | High | Unassigned |
Precise | Fix Released | Undecided | Unassigned |
Bug Description
Jenkins pre 1.409.3 has a cross-site scripting security vulnerability in the error pages provided by the winstone servlet container that Jenkins runs in when running in standalone mode:
See http://
This will require a fix in the jenkins-winstone package (already uploaded to Debian and synced to precise for current development) and a rebuild of jenkins to pick up the new version of this library to resolve the issue for oneiric.
visibility: private → public
Changed in jenkins-winstone (Ubuntu Precise):
status: New → Triaged
Changed in jenkins (Ubuntu Precise):
status: New → Triaged
Changed in jenkins-winstone (Ubuntu Precise):
status: Triaged → Fix Released
Changed in jenkins-winstone (Ubuntu Oneiric):
status: Fix Released → Fix Committed
status: Fix Committed → In Progress
Changed in jenkins (Ubuntu Precise):
status: Triaged → In Progress
assignee: nobody → James Page (james-page)
Changed in jenkins-winstone (Ubuntu Oneiric):
assignee: nobody → James Page (james-page)
Patchset from upstream git repo for jenkins-winstone: https://github.com/jenkinsci/winstone/commit/410ed3001d51c689cf59085b7417466caa2ded7b.patch