Bug 801954 (CVE-2012-0325)

Summary: CVE-2012-0325 jenkins: unspecified XSS flaw
Product: [Other] Security Response Reporter: Vincent Danen <vdanen>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-09-28 06:24:55 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 801964    
Bug Blocks: 801962    

Description Vincent Danen 2012-03-09 23:43:11 UTC 
Common Vulnerabilities and Exposures assigned an identifier CVE-2012-0325 to
the following vulnerability:

Name: CVE-2012-0325
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0325
Assigned: 20120104
Reference: http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-03-05.cb
Reference: JVN:JVN#79950061
Reference: http://jvn.jp/en/jp/JVN79950061/index.html
Reference: JVNDB:JVNDB-2012-000023
Reference: http://jvndb.jvn.jp/jvndb/JVNDB-2012-000023

Cross-site scripting (XSS) vulnerability in CloudBees Jenkins before
1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x
before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers
to inject arbitrary web script or HTML via unspecified vectors, a
different vulnerability than CVE-2012-0324.