Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-43636

Arbitrary code execution vulnerability

    Details

    • Similar Issues:

      Description

      According to https://jenkins.io/security/advisory/2017-04-10/ this plugin suffers from arbitrary code execution vulnerability.

        Attachments

          Activity

          Hide
          franckg Franck Gilliers added a comment -

          Hi Sean,

          You seem to be the the new maintener of this plugin artifactdeployer.

          Could you update this issue as you released version 1.2 fixing the security issue.

          Thanks !

          If I am wrong, plead advise me (and all my apologies) !

          Show
          franckg Franck Gilliers added a comment - Hi Sean, You seem to be the the new maintener of this plugin artifactdeployer. Could you update this issue as you released version 1.2 fixing the security issue. Thanks ! If I am wrong, plead advise me (and all my apologies) !
          Hide
          oleg_nenashev Oleg Nenashev added a comment -

          Daniel Beck AFAICT the distribution of the plugin is no longer suspended, but https://plugins.jenkins.io/artifactdeployer still shows the warning that the distribution is suspended. Could it be an issue with regexp matching in https://github.com/jenkins-infra/update-center2/blob/master/src/main/resources/warnings.json#L349-L357 ?

          Show
          oleg_nenashev Oleg Nenashev added a comment - Daniel Beck AFAICT the distribution of the plugin is no longer suspended, but https://plugins.jenkins.io/artifactdeployer still shows the warning that the distribution is suspended. Could it be an issue with regexp matching in https://github.com/jenkins-infra/update-center2/blob/master/src/main/resources/warnings.json#L349-L357 ?
          Hide
          danielbeck Daniel Beck added a comment -

          As always, it's because the wiki is cached: https://wiki.jenkins.io/display/JENKINS/ArtifactDeployer+Plugin

          Show
          danielbeck Daniel Beck added a comment - As always, it's because the wiki is cached: https://wiki.jenkins.io/display/JENKINS/ArtifactDeployer+Plugin

            People

            • Assignee:
              seanturner83 Sean Turner
              Reporter:
              jhack Giacomo Boccardo
            • Votes:
              4 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

              • Created:
                Updated: