diff options
| author | Salvatore Bonaccorso <carnil@debian.org> | 2021-02-25 21:59:00 +0100 |
|---|---|---|
| committer | Salvatore Bonaccorso <carnil@debian.org> | 2021-02-25 21:59:00 +0100 |
| commit | 85125a6abcb1e919cafb23566e559f0d55ee2605 (patch) | |
| tree | a1c727f36cb68b85c59157d0f9e79885365466de | |
| parent | 3be94676501dc5b5fc8ba0776628ecd4c434a12e (diff) | |
Replace some jenkins specific NFUs to the source package
| -rw-r--r-- | data/CVE/2017.list | 20 | ||||
| -rw-r--r-- | data/CVE/2018.list | 44 | ||||
| -rw-r--r-- | data/CVE/2019.list | 40 | ||||
| -rw-r--r-- | data/CVE/2020.list | 30 | ||||
| -rw-r--r-- | data/CVE/2021.list | 24 |
5 files changed, 79 insertions, 79 deletions
diff --git a/data/CVE/2017.list b/data/CVE/2017.list index 5b6655ea5b..970a6f66b4 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list @@ -5802,27 +5802,27 @@ CVE-2017-1000403 (Jenkins Speaks! Plugin, all current versions, allows users wit CVE-2017-1000402 (Jenkins Swarm Plugin Client 3.4 and earlier bundled a version of the c ...) NOT-FOR-US: Jenkins plugin CVE-2017-1000401 (The Jenkins 2.73.1 and earlier, 2.83 and earlier default form control ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2017-1000400 (The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at /job/(j ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2017-1000399 (The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at /queue/ ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2017-1000398 (The remote API in Jenkins 2.73.1 and earlier, 2.83 and earlier at /com ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2017-1000397 (Jenkins Maven Plugin 2.17 and earlier bundled a version of the commons ...) NOT-FOR-US: Jenkins plugin CVE-2017-1000396 (Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2017-1000395 (Jenkins 2.73.1 and earlier, 2.83 and earlier provides information abou ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2017-1000394 (Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2017-1000393 (Jenkins 2.73.1 and earlier, 2.83 and earlier users with permission to ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2017-1000392 (Jenkins 2.88 and earlier; 2.73.2 and earlier Autocompletion suggestion ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2017-1000391 (Jenkins versions 2.88 and earlier and 2.73.2 and earlier stores metada ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2017-1000390 (Jenkins Multijob plugin version 1.25 and earlier did not check permiss ...) NOT-FOR-US: Jenkins plugin CVE-2017-1000389 (Some URLs provided by Jenkins global-build-stats plugin version 1.4 an ...) diff --git a/data/CVE/2018.list b/data/CVE/2018.list index 1d74d94326..f5fa559205 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -1301,7 +1301,7 @@ CVE-2018-20744 (The Olivier Poitrey Go CORS handler through 1.3.0 actively conve CVE-2018-20742 (An issue was discovered in UC Berkeley RISE Opaque before 2018-12-01. ...) NOT-FOR-US: UC Berkeley RISE Opaque CVE-2018-1000997 (A path traversal vulnerability exists in the Stapler web framework use ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2018-20741 RESERVED CVE-2018-20740 @@ -1495,15 +1495,15 @@ CVE-2018-1000412 (An improper authorization vulnerability exists in Jenkins Jira CVE-2018-1000411 (A cross-site request forgery vulnerability exists in Jenkins JUnit Plu ...) NOT-FOR-US: Jenkins plugin CVE-2018-1000410 (An information exposure vulnerability exists in Jenkins 2.145 and earl ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2018-1000409 (A session fixation vulnerability exists in Jenkins 2.145 and earlier, ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2018-1000408 (A denial of service vulnerability exists in Jenkins 2.145 and earlier, ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2018-1000407 (A cross-site scripting vulnerability exists in Jenkins 2.145 and earli ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2018-1000406 (A path traversal vulnerability exists in Jenkins 2.145 and earlier, LT ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2018-20683 (commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsyn ...) - gitolite3 3.6.11-1 (bug #918849) [stretch] - gitolite3 <no-dsa> (Minor issue) @@ -3725,17 +3725,17 @@ CVE-2018-20010 (DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider-accoun CVE-2018-20009 (DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider.php SSL Prov ...) NOT-FOR-US: DomainMOD CVE-2018-1000866 (A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.59 ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2018-1000865 (A sandbox bypass vulnerability exists in Script Security Plugin 1.47 a ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2018-1000864 (A denial of service vulnerability exists in Jenkins 2.153 and earlier, ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2018-1000863 (A data modification vulnerability exists in Jenkins 2.153 and earlier, ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2018-1000862 (An information exposure vulnerability exists in Jenkins 2.153 and earl ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2018-1000861 (A code execution vulnerability exists in the Stapler web framework use ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2018-20008 (iBall Baton iB-WRB302N20122017 devices have improper access control ov ...) NOT-FOR-US: iBall Baton iB-WRB302N20122017 devices CVE-2018-20007 (Yeelight Smart AI Speaker 3.3.10_0074 devices have improper access con ...) @@ -18459,19 +18459,19 @@ CVE-2018-14391 CVE-2018-14390 RESERVED CVE-2018-1999001 (A unauthorized modification of configuration vulnerability exists in J ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2018-1999002 (A arbitrary file read vulnerability exists in Jenkins 2.132 and earlie ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2018-1999003 (A Improper authorization vulnerability exists in Jenkins 2.132 and ear ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2018-1999004 (A Improper authorization vulnerability exists in Jenkins 2.132 and ear ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2018-1999005 (A cross-site scripting vulnerability exists in Jenkins 2.132 and earli ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2018-1999006 (A exposure of sensitive information vulnerability exists in Jenkins 2. ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2018-1999007 (A cross-site scripting vulnerability exists in Jenkins 2.132 and earli ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2018-14389 (joyplus-cms 1.6.0 has SQL Injection via the manager/admin_ajax.php val ...) NOT-FOR-US: joyplus-cms CVE-2018-14388 (joyplus-cms 1.6.0 has XSS via the manager/admin_ajax.php can_search_de ...) @@ -25059,11 +25059,11 @@ CVE-2018-1000197 (An improper authorization vulnerability exists in Jenkins Blac CVE-2018-1000196 (A exposure of sensitive information vulnerability exists in Jenkins Gi ...) NOT-FOR-US: Jenkins plugin CVE-2018-1000195 (A server-side request forgery vulnerability exists in Jenkins 2.120 an ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2018-1000194 (A path traversal vulnerability exists in Jenkins 2.120 and older, LTS ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2018-1000193 (A improper neutralization of control sequences vulnerability exists in ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2018-12015 (In Perl through 5.26.2, the Archive::Tar module allows remote attacker ...) {DSA-4226-1} - perl 5.26.2-6 (bug #900834) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index aef807709c..888c00e3d6 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -25949,9 +25949,9 @@ CVE-2019-11068 (libxslt through 1.1.33 allows bypass of a protection mechanism b CVE-2019-11067 RESERVED CVE-2019-1003050 (The f:validateButton form control for the Jenkins UI did not properly ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2019-1003049 (Users who cached their CLI authentication before Jenkins was updated t ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2019-11066 (openid.php in LightOpenID through 1.3.1 allows SSRF via a crafted Open ...) NOT-FOR-US: LightOpenID CVE-2019-11065 (Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download ...) @@ -27733,17 +27733,17 @@ CVE-2019-10408 (A cross-site request forgery vulnerability in Jenkins Project In CVE-2019-10407 (Jenkins Project Inheritance Plugin 2.0.0 and earlier displayed a list ...) NOT-FOR-US: Jenkins plugin CVE-2019-10406 (Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not restrict or ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2019-10405 (Jenkins 2.196 and earlier, LTS 2.176.3 and earlier printed the value o ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2019-10404 (Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2019-10403 (Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2019-10402 (In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:combobox ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2019-10401 (In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:expandabl ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2019-10400 (A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 ...) NOT-FOR-US: Jenkins plugin CVE-2019-10399 (A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 ...) @@ -27777,9 +27777,9 @@ CVE-2019-10386 (A cross-site request forgery vulnerability in Jenkins XL TestVie CVE-2019-10385 (Jenkins eggPlant Plugin 2.2 and earlier stores credentials unencrypted ...) NOT-FOR-US: Jenkins plugin CVE-2019-10384 (Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed users to ob ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2019-10383 (A stored cross-site scripting vulnerability in Jenkins 2.191 and earli ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2019-10382 (Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier disables SS ...) NOT-FOR-US: Jenkins plugin CVE-2019-10381 (Jenkins Codefresh Integration Plugin 1.8 and earlier disables SSL/TLS ...) @@ -27837,11 +27837,11 @@ CVE-2019-10356 (A sandbox bypass vulnerability in Jenkins Script Security Plugin CVE-2019-10355 (A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 ...) NOT-FOR-US: Jenkins Script Security Plugin CVE-2019-10354 (A vulnerability in the Stapler web framework used in Jenkins 2.185 and ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2019-10353 (CSRF tokens in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier did ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2019-10352 (A path traversal vulnerability in Jenkins 2.185 and earlier, LTS 2.176 ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2019-10351 (Jenkins Caliper CI Plugin stores credentials unencrypted in job config ...) NOT-FOR-US: Jenkins plugin CVE-2019-10350 (Jenkins Port Allocator Plugin stores credentials unencrypted in job co ...) @@ -32894,15 +32894,15 @@ CVE-2019-8952 (A Path Traversal vulnerability located in the webserver affects s CVE-2019-8951 (An Open Redirect vulnerability located in the webserver affects severa ...) NOT-FOR-US: Bosch CVE-2019-1003028 (A server-side request forgery vulnerability exists in Jenkins JMS Mess ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2019-1003027 (A server-side request forgery vulnerability exists in Jenkins OctopusD ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2019-1003026 (A server-side request forgery vulnerability exists in Jenkins Mattermo ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2019-1003025 (A exposure of sensitive information vulnerability exists in Jenkins Cl ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2019-1003024 (A sandbox bypass vulnerability exists in Jenkins Script Security Plugi ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2019-8950 (The backdoor account dnsekakf2$$ in /bin/login on DASAN H665 devices w ...) NOT-FOR-US: DASAN CVE-2019-8949 @@ -38911,9 +38911,9 @@ CVE-2019-6502 (sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a me NOTE: https://github.com/OpenSC/OpenSC/commit/0d7967549751b7032f22b437106b41444aff0ba9 (0.20.0-rc1) NOTE: Negligible security impact, assigning a CVE seems out of proportion... CVE-2019-1003004 (An improper authorization vulnerability exists in Jenkins 2.158 and ea ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2019-1003003 (An improper authorization vulnerability exists in Jenkins 2.158 and ea ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2019-1003002 (A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin ...) NOT-FOR-US: Jenkins plugin CVE-2019-1003001 (A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 ...) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 86ec07a418..d5b98187de 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -65570,13 +65570,13 @@ CVE-2020-2225 (Jenkins Matrix Project Plugin 1.16 and earlier does not escape th CVE-2020-2224 (Jenkins Matrix Project Plugin 1.16 and earlier does not escape the nod ...) NOT-FOR-US: Jenkins plugin CVE-2020-2223 (Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape cor ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2020-2222 (Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2020-2221 (Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2020-2220 (Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2020-2219 (Jenkins Link Column Plugin 1.0 and earlier does not filter URLs of lin ...) NOT-FOR-US: Jenkins plugin CVE-2020-2218 (Jenkins HP ALM Quality Center Plugin 1.6 and earlier stores a password ...) @@ -65690,13 +65690,13 @@ CVE-2020-2165 (Jenkins Artifactory Plugin 3.6.0 and earlier transmits configured CVE-2020-2164 (Jenkins Artifactory Plugin 3.5.0 and earlier stores its Artifactory se ...) NOT-FOR-US: Jenkins plugin CVE-2020-2163 (Jenkins 2.227 and earlier, LTS 2.204.5 and earlier improperly processe ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2020-2162 (Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not set Conten ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2020-2161 (Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not properly e ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2020-2160 (Jenkins 2.227 and earlier, LTS 2.204.5 and earlier uses different repr ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2020-2159 (Jenkins CryptoMove Plugin 0.1.33 and earlier allows attackers with Job ...) NOT-FOR-US: Jenkins CryptoMove Plugin CVE-2020-2158 (Jenkins Literate Plugin 1.0 and earlier does not configure its YAML pa ...) @@ -65806,19 +65806,19 @@ CVE-2020-2107 (Jenkins Fortify Plugin 19.1.29 and earlier stores proxy server pa CVE-2020-2106 (Jenkins Code Coverage API Plugin 1.1.2 and earlier does not escape the ...) NOT-FOR-US: Jenkins plugin CVE-2020-2105 (REST API endpoints in Jenkins 2.218 and earlier, LTS 2.204.1 and earli ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2020-2104 (Jenkins 2.218 and earlier, LTS 2.204.1 and earlier allowed users with ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2020-2103 (Jenkins 2.218 and earlier, LTS 2.204.1 and earlier exposed session ide ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2020-2102 (Jenkins 2.218 and earlier, LTS 2.204.1 and earlier used a non-constant ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2020-2101 (Jenkins 2.218 and earlier, LTS 2.204.1 and earlier did not use a const ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2020-2100 (Jenkins 2.218 and earlier, LTS 2.204.1 and earlier was vulnerable to a ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2020-2099 (Jenkins 2.213 and earlier, LTS 2.204.1 and earlier improperly reuses e ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2020-2098 (A cross-site request forgery vulnerability in Jenkins Sounds Plugin 0. ...) NOT-FOR-US: Jenkins plugin CVE-2020-2097 (Jenkins Sounds Plugin 0.5 and earlier does not perform permission chec ...) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index b227c7df1f..1cd3343bd3 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -12307,7 +12307,7 @@ CVE-2021-22114 CVE-2021-22113 (Applications using the “Sensitive Headers” functionality i ...) NOT-FOR-US: Spring Cloud Netflix Zuul CVE-2021-22112 (Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5. ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2021-22111 RESERVED CVE-2021-22110 @@ -13322,7 +13322,7 @@ CVE-2021-21617 (A cross-site request forgery (CSRF) vulnerability in Jenkins Con CVE-2021-21616 (Jenkins Active Choices Plugin 2.5.2 and earlier does not escape refere ...) NOT-FOR-US: Jenkins plugin CVE-2021-21615 (Jenkins 2.275 and LTS 2.263.2 allows reading arbitrary files using the ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2021-21614 (Jenkins Bumblebee HP ALM Plugin 4.1.5 and earlier stores credentials u ...) NOT-FOR-US: Jenkins plugin CVE-2021-21613 (Jenkins TICS Plugin 2020.3.0.6 and earlier does not escape TICS servic ...) @@ -13330,25 +13330,25 @@ CVE-2021-21613 (Jenkins TICS Plugin 2020.3.0.6 and earlier does not escape TICS CVE-2021-21612 (Jenkins TraceTronic ECU-TEST Plugin 2.23.1 and earlier stores credenti ...) NOT-FOR-US: Jenkins plugin CVE-2021-21611 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape dis ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2021-21610 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not implement ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2021-21609 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not correctly ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2021-21608 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape but ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2021-21607 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not limit size ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2021-21606 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier improperly validate ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2021-21605 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows users with A ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2021-21604 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers wi ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2021-21603 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape not ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2021-21602 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows reading arbi ...) - NOT-FOR-US: Jenkins + - jenkins <removed> CVE-2021-21601 RESERVED CVE-2021-21600 |