Key vulnerability information

SECURITY-897 / CVE-2018-1999001
Severity: High
Description: Unauthenticated users could submit manipulated login credentials that cause Jenkins to delete its config.xml file; Jenkins then reverts to default settings, which grant administrative access to anonymous users.

SECURITY-914 / CVE-2018-1999002
Severity: High
Description: An arbitrary file read vulnerability in the Stapler web framework allowed unauthenticated users to read any file accessible to the Jenkins controller process by sending crafted HTTP requests.

SECURITY-891 / CVE-2018-1999003
Severity: Medium
Description: A missing permission check allowed unauthorized users to cancel queued builds.

SECURITY-892 / CVE-2018-1999004
Severity: Medium
Description: Missing permission checks allowed unauthorized users to initiate and abort agent launches.

SECURITY-944 / CVE-2018-1999005
Severity: Medium
Description: Stored cross-site scripting (XSS) vulnerability in the build timeline widget, caused by display names being rendered without escaping.

SECURITY-925 / CVE-2018-1999006
Severity: Medium
Description: Unauthorized users could determine when plugins were extracted by reading files exposed over HTTP.

SECURITY-390 / CVE-2018-1999007
Severity: Medium
Description: XSS vulnerability in the error pages shown when Stapler debug mode is enabled.

Affected Versions
Jenkins weekly up to and including 2.132
Jenkins LTS up to and including 2.121.1

Fix
Update Jenkins weekly to 2.133
Update Jenkins LTS to 2.121.2
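Because the affected and fixed versions differ between the weekly and LTS release lines, a quick triage step is to classify each instance's version string and compare it against the thresholds above. The helper below is an added example written for this advisory, not Jenkins project code; it assumes Jenkins version strings of the form "2.132" (weekly, two components) or "2.121.1" (LTS, three components), and the `assess_from_headers` function assumes the version is available in the `X-Jenkins` response header, which Jenkins sets on its HTTP responses. The header sample at the bottom is constructed for illustration.

```python
# Added example for the Jenkins advisory above (not Jenkins project code).
# Assumption: weekly versions look like "2.132", LTS versions like "2.121.1".
from typing import Dict, Tuple, Union

# Thresholds taken directly from the advisory's "Affected Versions" / "Fix" sections.
WEEKLY_LAST_AFFECTED: Tuple[int, ...] = (2, 132)
WEEKLY_FIXED = "2.133"
LTS_LAST_AFFECTED: Tuple[int, ...] = (2, 121, 1)
LTS_FIXED = "2.121.2"


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '2.121.1' into (2, 121, 1). A trailing qualifier such as
    '-SNAPSHOT' is dropped before parsing; anything else is rejected."""
    core = version.strip().split("-", 1)[0]
    parts = core.split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised Jenkins version: {version!r}")
    return tuple(int(p) for p in parts)


def release_line(parsed: Tuple[int, ...]) -> str:
    """Jenkins weekly releases carry two components, LTS releases three."""
    if len(parsed) == 2:
        return "weekly"
    if len(parsed) == 3:
        return "lts"
    raise ValueError(f"cannot classify version tuple {parsed}")


def assess(version: str) -> Dict[str, Union[str, bool]]:
    """Report whether a version is within the advisory's affected range and
    which release the advisory says to upgrade to."""
    parsed = parse_version(version)
    line = release_line(parsed)
    if line == "weekly":
        affected = parsed <= WEEKLY_LAST_AFFECTED
        upgrade_to = WEEKLY_FIXED
    else:
        affected = parsed <= LTS_LAST_AFFECTED
        upgrade_to = LTS_FIXED
    return {"version": version, "line": line, "affected": affected, "upgrade_to": upgrade_to}


def assess_from_headers(headers: Dict[str, str]) -> Dict[str, Union[str, bool]]:
    """Convenience wrapper: Jenkins advertises its version in the X-Jenkins
    response header (header-name lookup is case-insensitive here)."""
    lowered = {k.lower(): v for k, v in headers.items()}
    if "x-jenkins" not in lowered:
        raise ValueError("no X-Jenkins header present; cannot determine version")
    return assess(lowered["x-jenkins"])


if __name__ == "__main__":
    # Constructed sample inputs, one per release line.
    for v in ("2.132", "2.133", "2.121.1", "2.121.2"):
        print(assess(v))
    # Constructed sample of response headers from an inventory scan.
    print(assess_from_headers({"Content-Type": "text/html", "X-Jenkins": "2.121.1"}))
```

The tuple comparison works because Python compares `(2, 121, 1) <= (2, 121, 1)` component-wise; the weekly and LTS thresholds are never compared against each other, since the release line is decided first from the number of components.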