Jenkins Security Advisory 2014-02-14 notes:

"Jenkins had a cross-site scripting vulnerability in one of its cookies. If Jenkins is deployed in an environment that allows an attacker to override Jenkins cookies in victim's browser, this vulnerability can be exploited."

Upstream fix:
https://github.com/jenkinsci/jenkins/commit/a0b00508eeb74d7033dc4100eb382df4e8fa72e7

MITRE notes at http://www.openwall.com/lists/oss-security/2014/02/21/2

"...This is an input-validation issue but perhaps shouldn't be categorized as a standard XSS issue because of the unusual threat model."

References:
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14

This issue has been addressed in the following products:

  Red Hat OpenShift Enterprise 2.1

Via RHBA-2014:1630 https://rhn.redhat.com/errata/RHBA-2014-1630.html