CVE Vulnerabilities

CVE-2016-3725

Published: May 17, 2016 | Modified: Jan 05, 2018
CVSS 3.x
4.3
MEDIUM
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
RedHat/V2
3.5 LOW
AV:N/AC:M/Au:S/C:N/I:N/A:P
RedHat/V3
Ubuntu
MEDIUM

Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permissions check. NOTE: this issue can be combined with DNS cache poisoning to cause a denial of service (service disruption).

Affected Software

Name Vendor Start Version End Version
Jenkins Jenkins * 1.651.1 (including)
Red Hat OpenShift Container Platform 3.2 RedHat jenkins-0:1.651.2-1.el7 *
Red Hat OpenShift Container Platform 3.2 RedHat jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7 *
Red Hat OpenShift Enterprise 2.2 RedHat activemq-0:5.9.0-6.redhat.611463.el6op *
Red Hat OpenShift Enterprise 2.2 RedHat ImageMagick-0:6.7.2.7-5.el6_8 *
Red Hat OpenShift Enterprise 2.2 RedHat jenkins-0:1.651.2-1.el6op *
Red Hat OpenShift Enterprise 2.2 RedHat libcgroup-0:0.40.rc1-18.el6_8 *
Red Hat OpenShift Enterprise 2.2 RedHat openshift-origin-broker-0:1.16.3.2-1.el6op *
Red Hat OpenShift Enterprise 2.2 RedHat openshift-origin-broker-util-0:1.37.6.2-1.el6op *
Red Hat OpenShift Enterprise 2.2 RedHat openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op *
Red Hat OpenShift Enterprise 2.2 RedHat openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op *
Red Hat OpenShift Enterprise 2.2 RedHat openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op *
Red Hat OpenShift Enterprise 2.2 RedHat openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op *
Red Hat OpenShift Enterprise 2.2 RedHat openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op *
Red Hat OpenShift Enterprise 2.2 RedHat openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op *
Red Hat OpenShift Enterprise 2.2 RedHat openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op *
Red Hat OpenShift Enterprise 2.2 RedHat openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op *
Red Hat OpenShift Enterprise 2.2 RedHat openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op *
Red Hat OpenShift Enterprise 2.2 RedHat openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op *
Red Hat OpenShift Enterprise 2.2 RedHat openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op *
Red Hat OpenShift Enterprise 2.2 RedHat openshift-origin-cartridge-php-0:1.35.4.2-1.el6op *
Red Hat OpenShift Enterprise 2.2 RedHat openshift-origin-cartridge-python-0:1.34.3.2-1.el6op *
Red Hat OpenShift Enterprise 2.2 RedHat openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op *
Red Hat OpenShift Enterprise 2.2 RedHat openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op *
Red Hat OpenShift Enterprise 2.2 RedHat openshift-origin-node-proxy-0:1.26.3.1-1.el6op *
Red Hat OpenShift Enterprise 2.2 RedHat openshift-origin-node-util-0:1.38.7.1-1.el6op *
Red Hat OpenShift Enterprise 2.2 RedHat rhc-0:1.38.7.1-1.el6op *
Red Hat OpenShift Enterprise 2.2 RedHat rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op *
Red Hat OpenShift Enterprise 2.2 RedHat rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op *
Red Hat OpenShift Enterprise 2.2 RedHat rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op *
Red Hat OpenShift Enterprise 2.2 RedHat rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op *
Red Hat OpenShift Enterprise 2.2 RedHat rubygem-openshift-origin-node-0:1.38.6.4-1.el6op *
Red Hat OpenShift Enterprise 2.2 RedHat rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op *
Red Hat OpenShift Enterprise 3.1 RedHat jenkins-0:1.651.2-1.el7 *
Red Hat OpenShift Enterprise 3.1 RedHat jenkins-plugin-openshift-pipeline-0:1.0.12-1.el7 *
Jenkins Ubuntu precise *

References