by bifrost
2608 days ago
My 5 second lazy summaries of the CVEs:

CVE-2019-1003001, CVE-2019-1003002 -> Anyone with read access to Jenkins can own the build environment.

CVE-2019-1003000 -> I didn't get a lot of the details on this but it basically looks like "broken sandboxing, you can run bad scripts".

This is also a good resource: https://packetstormsecurity.com/files/152132/Jenkins-ACL-Byp...