Re: Multiple vulnerabilities in Jenkins

[Daniel Beck <ml () beckweb net>]

> On 8. Nov 2017, at 11:56, Daniel Beck <ml () beckweb net> wrote:
>
> SECURITY-499
> Jenkins stores metadata related to "people", which encompasses actual user 
> accounts, as well as users appearing in SCM, in directories corresponding 
> to the user ID on disk. These directories used the user ID for their name 
> without additional escaping. This potentially resulted in a number of 
> problems, such as the following:
> 1. User names consisting of a single forward slash would have their user 
> record stored in the parent directory; deleting this user deleted all user 
> records.
> 2. User names containing character sequences such as .. could be used to 
> clobber other configuration files in Jenkins.
> 3. User names could consist of reserved names such as COM (on Windows).


CVE-2017-1000391


> SECURITY-641
> Autocompletion suggestions for text fields were not escaped, resulting in a 
> persisted cross-site scripting vulnerability if the source for the 
> suggestions allowed specifying text that includes HTML metacharacters like 
> less-than and greater-than characters.


CVE-2017-1000392