Bug 1747293 (CVE-2019-10383)
| Summary: | CVE-2019-10383 jenkins: stored cross-site scripting in update center web pages (SECURITY-1453) | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Dhananjay Arunesh <darunesh> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | unspecified | CC: | abenaiss, adam.kaplan, ahardin, aos-bugs, bleanhar, bmontgom, ccoleman, dedgar, eparis, java-sig-commits, jburrell, jgoulding, jokerman, mchappel, mizdebsk, msrb, nstielau, pbhattac, sponnaga, vbobade, wzheng |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2019-09-20 12:45:35 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 1747294, 1747302, 1747303, 1747304 | | |
| Bug Blocks: | 1747299 | | |

Description
Dhananjay Arunesh
2019-08-30 04:31:27 UTC
Created jenkins tracking bugs for this issue:

Affects: fedora-all [bug 1747294]

External References:

https://jenkins.io/security/advisory/2019-08-28/#SECURITY-1453

"Any security advisory related updates to Jenkins core or the plugins we include in the OpenShift Jenkins master image will only occur in the v3.11 and v4.x branches of this repository."

https://github.com/openshift/jenkins/blob/master/README.md#jenkins-security-advisories-the-master-image-from-this-repository-and-the-oc-binary

Thank you for opening this bug with us. We are updating Jenkins to 2.176.3 based on https://bugzilla.redhat.com/show_bug.cgi?id=1747303

As you can see, https://github.com/openshift/jenkins/pull/917 is merged into the 3.11 branch; you can expect the release for this by the end of next week.

This issue has been addressed in the following products:

Red Hat OpenShift Container Platform 4.1

Via RHSA-2019:2789 https://access.redhat.com/errata/RHSA-2019:2789

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-10383

This issue has been addressed in the following products:

Red Hat OpenShift Container Platform 3.11

Via RHSA-2019:3144 https://access.redhat.com/errata/RHSA-2019:3144