Bug 890612 - (CVE-2012-6074) CVE-2012-6074 Jenkins: cross-site scripting vulnerability
CVE-2012-6074 Jenkins: cross-site scripting vulnerability
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
: Security
Depends On: 890614 890615
Blocks: 890613
  Show dependency treegraph
Reported: 2012-12-28 01:03 EST by Kurt Seifried
Modified: 2016-03-04 05:55 EST (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2013-04-23 09:09:21 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Kurt Seifried 2012-12-28 01:03:39 EST
Jenkins Security Advisory 2012-11-20

The third vulnerability is a cross-site scripting vulnerability that allows 
an attacker with some degree of write access in Jenkins to embed malicious 
JavaScript into pages generated by Jenkins.

Main line users should upgrade to Jenkins 1.491
LTS users should upgrade to 1.480.1

External URLs:
Comment 3 errata-xmlrpc 2013-01-31 15:34:15 EST
This issue has been addressed in following products:

  RHEL 6 Version of OpenShift Enterprise

Via RHSA-2013:0220 https://rhn.redhat.com/errata/RHSA-2013-0220.html

Note You need to log in before you can comment on or make changes to this bug.