Unspecified vulnerability in Jenkins before 1.502 and LTS before 1.480.3 allows remote attackers to bypass the CSRF protection mechanism via unknown attack vectors.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Jenkins | Jenkins | * | 1.480.2 (including) |
| RHEL 6 Version of OpenShift Enterprise | RedHat | jenkins-0:1.502-1.el6op | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | openshift-origin-cartridge-jenkins-1.4-0:1.0.3-1.el6op | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | ruby193-rubygem-rack-1:1.4.1-4.el6 | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | rubygem-rack-1:1.3.0-4.el6op | * |
| Jenkins | Ubuntu | oneiric | * |
| Jenkins | Ubuntu | precise | * |
| Jenkins | Ubuntu | quantal | * |
| Jenkins | Ubuntu | raring | * |
| Jenkins | Ubuntu | saucy | * |
| Jenkins | Ubuntu | upstream | * |
References
- http://rhn.redhat.com/errata/RHSA-2013-0638.html
- http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb
- http://www.openwall.com/lists/oss-security/2013/02/21/7
- https://bugzilla.redhat.com/show_bug.cgi?id=914877
- https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16
- http://rhn.redhat.com/errata/RHSA-2013-0638.html
- http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-02-16.cb
- http://www.openwall.com/lists/oss-security/2013/02/21/7
- https://bugzilla.redhat.com/show_bug.cgi?id=914877
- https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16