Re: FYI: Jenkins Security Advisory 2012-11-20

2012-11-23 Thread Christopher Orr

Hi there,

On 21/11/12 13:33, Lars Nordin wrote:

Request to Cloudbees: please send a notification of this out on the
Jenkins user list too


There's already a mailing list for this:
https://groups.google.com/group/jenkinsci-advisories

Regards,
Chris


FYI: Jenkins Security Advisory 2012-11-20

2012-11-21 Thread Lars Nordin
I got an e-mail about this via CloudBees but wanted to make sure that list members were also aware (I didn't see one):
http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-11-20.cb

Excerpt from security announcement link above:
Severity:
CloudBees rates these vulnerabilities as high, when combined, as they allow malicious users to gain unauthorized access to the information and impersonate the administrator of the system. On the other hand, this attack can only be mounted passively, and the attacker needs to know the URL of your Jenkins installations.
Fix:
* Main line users should upgrade to Jenkins 1.491
* LTS users should upgrade to 1.480.1


Request to CloudBees: please send a notification of this out on the Jenkins user list too
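The advisory names two fix levels, one per release line (mainline 1.491, LTS 1.480.1), which is easy to get wrong when checking a fleet of instances by hand because an LTS build such as 1.480 is numerically lower than the mainline fix while still being on a different line. The following is an added example, not code from the thread, from CloudBees or from the Jenkins project; it assumes the `X-Jenkins` response header that Jenkins sends with its version string, tells the two lines apart by the shape of the version (LTS versions carry a third component, e.g. 1.480.1), and uses a constructed header dictionary as sample input.

```python
"""Classify a Jenkins version against the fix levels quoted in the 2012-11-20 advisory.

Added example for inventory checks of your own instances; not the project's code.
Assumption: the version is read from the 'X-Jenkins' response header.
"""
import re
from typing import Dict, Optional, Tuple

# Fix levels quoted in the advisory text above.
MAINLINE_FIXED: Tuple[int, ...] = (1, 491)
LTS_FIXED: Tuple[int, ...] = (1, 480, 1)

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?$")


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Turn '1.480.1' into (1, 480, 1); return None for anything not numeric-dotted."""
    match = _VERSION_RE.match(text.strip())
    if match is None:
        return None
    parts = [int(match.group(1)), int(match.group(2))]
    if match.group(3) is not None:
        parts.append(int(match.group(3)))
    return tuple(parts)


def is_lts(version: Tuple[int, ...]) -> bool:
    """LTS releases of that era use three components (1.480.1); mainline uses two (1.491)."""
    return len(version) == 3


def is_patched(text: str) -> bool:
    """True when the version is at or above the fix level for its own release line."""
    version = parse_version(text)
    if version is None:
        raise ValueError(f"unrecognised Jenkins version string: {text!r}")
    # Tuple comparison is component-wise, so 1.480.2 >= 1.480.1 and 1.466.2 < 1.480.1.
    if is_lts(version):
        return version >= LTS_FIXED
    return version >= MAINLINE_FIXED


def version_from_headers(headers: Dict[str, str]) -> Optional[str]:
    """Pull the X-Jenkins header value out of a response header map (case-insensitive)."""
    for name, value in headers.items():
        if name.lower() == "x-jenkins":
            return value.strip()
    return None


def assess(headers: Dict[str, str]) -> str:
    """Return 'patched', 'vulnerable' or 'unknown' for one instance's response headers."""
    version = version_from_headers(headers)
    if version is None or parse_version(version) is None:
        return "unknown"
    return "patched" if is_patched(version) else "vulnerable"


# Constructed sample headers standing in for responses from three instances.
SAMPLE_INSTANCES = {
    "ci-mainline": {"Server": "Jetty(8.y.z-SNAPSHOT)", "X-Jenkins": "1.490"},
    "ci-lts": {"Server": "Jetty(8.y.z-SNAPSHOT)", "X-Jenkins": "1.480.1"},
    "ci-proxied": {"Server": "nginx"},  # header stripped by a reverse proxy
}

if __name__ == "__main__":
    for name, headers in SAMPLE_INSTANCES.items():
        print(f"{name}: {assess(headers)}")
```

An instance whose header is missing (for example because a reverse proxy strips it) is reported as `unknown` rather than silently counted as patched; confirm those from the instance itself.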