Bug 1639388 (CVE-2018-1000411)
| Summary: | CVE-2018-1000411 jenkins-plugin-junit: CSRF due to URL not requiring POST requests | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Andrej Nemec <anemec> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED WONTFIX | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | ahardin, bleanhar, ccoleman, dedgar, eparis, jgoulding, jokerman, mchappel |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | jenkins-plugin-junit 1.26 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-04-14 04:31:47 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1639391 | ||
Description
Andrej Nemec
2018-10-15 15:31:23 UTC
External References:

https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1101

https://github.com/jenkinsci/junit-plugin/commit/091ee0dc8dd6023713827ce1a5914fa9fa9b6043

Statement:

For OpenShift, Jenkins is used within the infrastructure and deployment in OCP. The package is delivered within the technology but not used by default in production environments. It requires additional configuration in running environments, which would mainly be used for testing applications being deployed. The update is in the latest version released with Red Hat OpenShift 3.11.

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2018-1000411