Bug 1668345 (CVE-2019-1003003)
Summary: | CVE-2019-1003003 jenkins: cookie crafted using Jenkins script console allows unauthorised access to Jenkins instance | | |
---|---|---|---|
Product: | [Other] Security Response | Reporter: | msiddiqu |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | | |
Version: | unspecified | CC: | abenaiss, adam.kaplan, ahardin, aos-bugs, bleanhar, bmontgom, bparees, ccoleman, dedgar, eparis, gmontero, java-sig-commits, jburrell, jgoulding, jokerman, mchappel, mizdebsk, mmccomas, msrb, nstielau, obulatov, pbhattac, psampaio, sponnaga, vbobade, wzheng |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | Jenkins weekly 2.160, Jenkins LTS 2.150.2 | Doc Type: | If docs needed, set a value |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2019-03-05 03:05:26 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Bug Depends On: | 1668446 | | |
Bug Blocks: | 1668794 | | |
Description
msiddiqu
2019-01-22 13:43:53 UTC
Created jenkins tracking bugs for this issue:

Affects: fedora-28 [bug 1668346]

External References: https://jenkins.io/security/advisory/2019-01-16/

Created jenkins tracking bugs for this issue:

Affects: fedora-all [bug 1668446]

The v3.11 image has already been released with 2.150.2. Customers should look for:

registry.access.redhat.com/openshift3/jenkins-2-rhel7 v3.11 19080d270283 2 weeks ago 1.42GB

and the 4.0 image is shipping with 2.150.2.

Per strategy for jenkins security advisories, we are only updating 3.11.x and 4.x. Instructions for how older 3.x clusters can use the 3.11.x image are at https://github.com/openshift/jenkins#jenkins-security-advisories-the-master-image-from-this-repository-and-the-oc-binary

This issue has been addressed in the following products:

Red Hat OpenShift Container Platform 3.11

Via RHBA-2019:0326 https://access.redhat.com/errata/RHBA-2019:0326