JENKINS-56218

Steps to follow JENKINS upgrade 2.154 in Ubuntu 14.04 LTS

      Description

      Description:

      Jenkins is an open source automation server written in Java. Jenkins helps to automate the non-human part of the software development process, with continuous integration and facilitating technical aspects of continuous delivery. Following vulnerabilities are reported in Jenkins:

      - Code execution through crafted URLs
      - Forced migration of user records
      - Workspace browser allowed accessing files outside the workspace
      - Potential denial of service through cron expression form validation

      Affected Versions:

      - Jenkins weekly up to and including 2.153
      - Jenkins LTS up to and including 2.138.3

      QID Detection Logic: (Unauthenticated)

      This QID checks for vulnerable version by sending a crafted GET request to Jenkins. This QID also detects the vulnerable version from login page or HTTP header.

      Solution:

      Customers are advised to upgrade to Jenkins weekly version 2.154, Jenkins LTS version 2.138.4 or 2.150.1 or later to remediate these vulnerabilities.

      Patch: Following are links for downloading patches to fix the vulnerabilities: Jenkins Security Advisory 2018-12-05

       

      Current version:

      Jenkins ver. 2.141

          Activity

          oleg_nenashev Oleg Nenashev added a comment -

          have no idea what is this request about

          danielbeck Daniel Beck added a comment -

          Please do not use the Jenkins project issue tracker as your personal to-do list.


            People

            • Assignee:
              Unassigned
              Reporter:
              krishnamoorthy_m Krishnamoorthy S M