Bug 801948 (CVE-2012-0324)

Summary: CVE-2012-0324 jenkins: unspecified XSS flaw
Product: [Other] Security Response Reporter: Vincent Danen <vdanen>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-09-28 06:23:53 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 801964    
Bug Blocks: 801962    

Description Vincent Danen 2012-03-09 23:37:59 UTC 
Common Vulnerabilities and Exposures assigned an identifier CVE-2012-0324 to
the following vulnerability:

Name: CVE-2012-0324
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0324
Assigned: 20120104
Reference: http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-03-05.cb
Reference: http://jvn.jp/en/jp/JVN14791558/index.html
Reference: http://jvndb.jvn.jp/jvndb/JVNDB-2012-000022

Cross-site scripting (XSS) vulnerability in CloudBees Jenkins before
1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x
before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers
to inject arbitrary web script or HTML via unspecified vectors, a
different vulnerability than CVE-2012-0325.