RHSA-2015_1844
Vulnerability from csaf_redhat - Published: 2015-09-30 16:35 - Updated: 2024-11-22 09:23Summary
Red Hat Security Advisory: Red Hat OpenShift Enterprise 2.2.7 security, bug fix and enhancement update
Severity
Important
Notes
Topic: Red Hat OpenShift Enterprise release 2.2.7 is now available with
updates to packages that fix several bugs and introduce feature
enhancements.
Red Hat Product Security has rated this update as having Important
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the references section.
Details: OpenShift Enterprise by Red Hat is the company's cloud computing
Platform-as-a-Service (PaaS) solution designed for on-premise or
private cloud deployments.
Space precludes documenting all of the bug fixes in this advisory.
See the OpenShift Enterprise Technical Notes, which will be updated
shortly for release 2.2.7, for details about these changes. The
following security issues are addressed in this release:
A flaw was found in the Jenkins API token-issuing service. The
service was not properly protected against anonymous users,
potentially allowing remote attackers to escalate privileges.
(CVE-2015-1814)
It was found that the combination filter Groovy script could allow
a remote attacker to potentially execute arbitrary code on a
Jenkins master. (CVE-2015-1806)
It was found that when building artifacts, the Jenkins server would
follow symbolic links, potentially resulting in disclosure of
information on the server. (CVE-2015-1807)
A denial of service flaw was found in the way Jenkins handled
certain update center data. An authenticated user could provide
specially crafted update center data to Jenkins, causing plug-in
and tool installation to not work properly. (CVE-2015-1808)
It was found that Jenkins' XPath handling allowed XML External
Entity (XXE) expansion. A remote attacker with read access could
use this flaw to read arbitrary XML files on the Jenkins server.
(CVE-2015-1809)
It was discovered that the internal Jenkins user database did not
restrict access to reserved names, allowing users to escalate
privileges. (CVE-2015-1810)
It was found that Jenkins' XML handling allowed XML External Entity
(XXE) expansion. A remote attacker with the ability to pass XML
data to Jenkins could use this flaw to read arbitrary XML files on
the Jenkins server. (CVE-2015-1811)
Two cross-site scripting (XSS) flaws were found in Jenkins. A
remote attacker could use these flaws to conduct XSS attacks
against users of an application using Jenkins. (CVE-2015-1812,
CVE-2015-1813)
https://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/Technical_Notes/index.html
All OpenShift Enterprise 2 users are advised to upgrade to these
updated packages.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
It was found that the combination filter Groovy script could allow a remote attacker to potentially execute arbitrary code on a Jenkins master.
6.5 ()
Vendor Fix
Before applying this update, make sure all previously released
errata relevant to your system have been applied.
See the OpenShift Enterprise 2.2 Release Notes, which will be
updated shortly for release 2.2.7, for important instructions on
how to fully apply this asynchronous errata update:
https://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258.
https://access.redhat.com/errata/RHSA-2015:1844
It was found that when building artifacts, the Jenkins server would follow symbolic links, potentially resulting in disclosure of information on the server.
4.0 ()
Vendor Fix
Before applying this update, make sure all previously released
errata relevant to your system have been applied.
See the OpenShift Enterprise 2.2 Release Notes, which will be
updated shortly for release 2.2.7, for important instructions on
how to fully apply this asynchronous errata update:
https://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258.
https://access.redhat.com/errata/RHSA-2015:1844
A denial of service flaw was found in the way Jenkins handled certain update center data. An authenticated user could provide specially crafted update center data to Jenkins, causing plug-in and tool installation to not work properly.
3.5 ()
Vendor Fix
Before applying this update, make sure all previously released
errata relevant to your system have been applied.
See the OpenShift Enterprise 2.2 Release Notes, which will be
updated shortly for release 2.2.7, for important instructions on
how to fully apply this asynchronous errata update:
https://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258.
https://access.redhat.com/errata/RHSA-2015:1844
It was found that Jenkins' XPath handling allowed XML External Entity (XXE) expansion. A remote attacker with read access could use this flaw to read arbitrary XML files on the Jenkins server.
4.3 ()
Vendor Fix
Before applying this update, make sure all previously released
errata relevant to your system have been applied.
See the OpenShift Enterprise 2.2 Release Notes, which will be
updated shortly for release 2.2.7, for important instructions on
how to fully apply this asynchronous errata update:
https://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258.
https://access.redhat.com/errata/RHSA-2015:1844
It was discovered that the internal Jenkins user database did not restrict access to reserved names, allowing users to escalate privileges.
4.6 ()
Vendor Fix
Before applying this update, make sure all previously released
errata relevant to your system have been applied.
See the OpenShift Enterprise 2.2 Release Notes, which will be
updated shortly for release 2.2.7, for important instructions on
how to fully apply this asynchronous errata update:
https://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258.
https://access.redhat.com/errata/RHSA-2015:1844
It was found that Jenkins' XML handling allowed XML External Entity (XXE) expansion. A remote attacker with the ability to pass XML data to Jenkins could use this flaw to read arbitrary XML files on the Jenkins server.
3.5 ()
Vendor Fix
Before applying this update, make sure all previously released
errata relevant to your system have been applied.
See the OpenShift Enterprise 2.2 Release Notes, which will be
updated shortly for release 2.2.7, for important instructions on
how to fully apply this asynchronous errata update:
https://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258.
https://access.redhat.com/errata/RHSA-2015:1844
Two cross-site scripting (XSS) flaws were found in Jenkins. A remote attacker could use these flaws to conduct XSS attacks against users of an application using Jenkins.
4.3 ()
Vendor Fix
Before applying this update, make sure all previously released
errata relevant to your system have been applied.
See the OpenShift Enterprise 2.2 Release Notes, which will be
updated shortly for release 2.2.7, for important instructions on
how to fully apply this asynchronous errata update:
https://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258.
https://access.redhat.com/errata/RHSA-2015:1844
Two cross-site scripting (XSS) flaws were found in Jenkins. A remote attacker could use these flaws to conduct XSS attacks against users of an application using Jenkins.
4.3 ()
Vendor Fix
Before applying this update, make sure all previously released
errata relevant to your system have been applied.
See the OpenShift Enterprise 2.2 Release Notes, which will be
updated shortly for release 2.2.7, for important instructions on
how to fully apply this asynchronous errata update:
https://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258.
https://access.redhat.com/errata/RHSA-2015:1844
A flaw was found in the Jenkins API token-issuing service. The service was not properly protected against anonymous users, potentially allowing remote attackers to escalate privileges.
7.5 ()
Vendor Fix
Before applying this update, make sure all previously released
errata relevant to your system have been applied.
See the OpenShift Enterprise 2.2 Release Notes, which will be
updated shortly for release 2.2.7, for important instructions on
how to fully apply this asynchronous errata update:
https://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258.
https://access.redhat.com/errata/RHSA-2015:1844
References
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Enterprise release 2.2.7 is now available with \nupdates to packages that fix several bugs and introduce feature \nenhancements.\n\nRed Hat Product Security has rated this update as having Important \nsecurity impact. A Common Vulnerability Scoring System (CVSS) base \nscore, which gives a detailed severity rating, is available from the \nCVE link in the references section.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenShift Enterprise by Red Hat is the company\u0027s cloud computing \nPlatform-as-a-Service (PaaS) solution designed for on-premise or \nprivate cloud deployments.\n\nSpace precludes documenting all of the bug fixes in this advisory. \nSee the OpenShift Enterprise Technical Notes, which will be updated \nshortly for release 2.2.7, for details about these changes. The\nfollowing security issues are addressed in this release:\n\nA flaw was found in the Jenkins API token-issuing service. The \nservice was not properly protected against anonymous users, \npotentially allowing remote attackers to escalate privileges. \n(CVE-2015-1814)\n\nIt was found that the combination filter Groovy script could allow \na remote attacker to potentially execute arbitrary code on a \nJenkins master. (CVE-2015-1806)\n\nIt was found that when building artifacts, the Jenkins server would \nfollow symbolic links, potentially resulting in disclosure of \ninformation on the server. (CVE-2015-1807)\n\nA denial of service flaw was found in the way Jenkins handled \ncertain update center data. An authenticated user could provide \nspecially crafted update center data to Jenkins, causing plug-in \nand tool installation to not work properly. (CVE-2015-1808)\n\nIt was found that Jenkins\u0027 XPath handling allowed XML External \nEntity (XXE) expansion. A remote attacker with read access could \nuse this flaw to read arbitrary XML files on the Jenkins server. \n(CVE-2015-1809)\n\nIt was discovered that the internal Jenkins user database did not \nrestrict access to reserved names, allowing users to escalate \nprivileges. (CVE-2015-1810)\n\nIt was found that Jenkins\u0027 XML handling allowed XML External Entity \n(XXE) expansion. A remote attacker with the ability to pass XML \ndata to Jenkins could use this flaw to read arbitrary XML files on \nthe Jenkins server. (CVE-2015-1811)\n\nTwo cross-site scripting (XSS) flaws were found in Jenkins. A \nremote attacker could use these flaws to conduct XSS attacks \nagainst users of an application using Jenkins. (CVE-2015-1812, \nCVE-2015-1813)\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/Technical_Notes/index.html\nAll OpenShift Enterprise 2 users are advised to upgrade to these \nupdated packages.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2015:1844",
"url": "https://access.redhat.com/errata/RHSA-2015:1844"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1062253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1062253"
},
{
"category": "external",
"summary": "1128567",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1128567"
},
{
"category": "external",
"summary": "1130028",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1130028"
},
{
"category": "external",
"summary": "1138522",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1138522"
},
{
"category": "external",
"summary": "1152524",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1152524"
},
{
"category": "external",
"summary": "1160699",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1160699"
},
{
"category": "external",
"summary": "1171815",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1171815"
},
{
"category": "external",
"summary": "1191283",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191283"
},
{
"category": "external",
"summary": "1197123",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1197123"
},
{
"category": "external",
"summary": "1197576",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1197576"
},
{
"category": "external",
"summary": "1205615",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205615"
},
{
"category": "external",
"summary": "1205616",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205616"
},
{
"category": "external",
"summary": "1205620",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205620"
},
{
"category": "external",
"summary": "1205622",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205622"
},
{
"category": "external",
"summary": "1205623",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205623"
},
{
"category": "external",
"summary": "1205625",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205625"
},
{
"category": "external",
"summary": "1205627",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205627"
},
{
"category": "external",
"summary": "1205632",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205632"
},
{
"category": "external",
"summary": "1216206",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1216206"
},
{
"category": "external",
"summary": "1217572",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1217572"
},
{
"category": "external",
"summary": "1221931",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1221931"
},
{
"category": "external",
"summary": "1225943",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1225943"
},
{
"category": "external",
"summary": "1226061",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1226061"
},
{
"category": "external",
"summary": "1227501",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1227501"
},
{
"category": "external",
"summary": "1228373",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1228373"
},
{
"category": "external",
"summary": "1229300",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1229300"
},
{
"category": "external",
"summary": "1232827",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232827"
},
{
"category": "external",
"summary": "1232921",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232921"
},
{
"category": "external",
"summary": "1241750",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1241750"
},
{
"category": "external",
"summary": "1257757",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1257757"
},
{
"category": "external",
"summary": "1264039",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264039"
},
{
"category": "external",
"summary": "1264210",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264210"
},
{
"category": "external",
"summary": "1264216",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264216"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_1844.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Enterprise 2.2.7 security, bug fix and enhancement update",
"tracking": {
"current_release_date": "2024-11-22T09:23:38+00:00",
"generator": {
"date": "2024-11-22T09:23:38+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2015:1844",
"initial_release_date": "2015-09-30T16:35:28+00:00",
"revision_history": [
{
"date": "2015-09-30T16:35:28+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2015-09-30T16:35:28+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T09:23:38+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Enterprise Node 2.2",
"product": {
"name": "Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:2.0::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenShift Enterprise Infrastructure 2.2",
"product": {
"name": "Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:2.0::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenShift Enterprise JBoss EAP add-on 2.2",
"product": {
"name": "Red Hat OpenShift Enterprise JBoss EAP add-on 2.2",
"product_id": "6Server-RHOSE-JBOSSEAP-2.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:2.0::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenShift Enterprise Client 2.2",
"product": {
"name": "Red Hat OpenShift Enterprise Client 2.2",
"product_id": "6Server-RHOSE-CLIENT-2.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:2.0::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:1.609.1-1.el6op.noarch",
"product": {
"name": "jenkins-0:1.609.1-1.el6op.noarch",
"product_id": "jenkins-0:1.609.1-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@1.609.1-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"product": {
"name": "openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"product_id": "openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-jenkins@1.28.2.1-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"product": {
"name": "openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"product_id": "openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-broker@1.16.2.10-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"product": {
"name": "openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"product_id": "openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-jbosseap@2.26.3.1-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"product": {
"name": "openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"product_id": "openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-jbossews@1.34.3.1-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"product": {
"name": "rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"product_id": "rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-openshift-origin-node@1.37.1.1-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"product": {
"name": "rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"product_id": "rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-openshift-origin-frontend-apache-vhost@0.12.4.2-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"product": {
"name": "rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"product_id": "rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-openshift-origin-console@1.35.2.1-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"product": {
"name": "openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"product_id": "openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-ruby@1.32.1.1-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"product": {
"name": "openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"product_id": "openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-perl@1.30.1.1-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"product": {
"name": "openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"product_id": "openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-haproxy@1.30.1.1-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"product": {
"name": "openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"product_id": "openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-php@1.34.1.1-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"product": {
"name": "openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"product_id": "openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-node-util@1.37.2.1-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"product": {
"name": "openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"product_id": "openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-python@1.33.3.1-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"product": {
"name": "openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"product_id": "openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-mock@1.22.1.1-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"product": {
"name": "openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"product_id": "openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-diy@1.26.1.1-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"product": {
"name": "rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"product_id": "rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-openshift-origin-controller@1.37.3.1-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"product": {
"name": "rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"product_id": "rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-openshift-origin-msg-broker-mcollective@1.35.3.1-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"product": {
"name": "openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"product_id": "openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-nodejs@1.33.1.1-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhc-0:1.37.1.2-1.el6op.noarch",
"product": {
"name": "rhc-0:1.37.1.2-1.el6op.noarch",
"product_id": "rhc-0:1.37.1.2-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@1.37.1.2-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"product": {
"name": "rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"product_id": "rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-openshift-origin-gear-placement@0.0.2.1-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"product": {
"name": "openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"product_id": "openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-broker-util@1.36.2.2-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"product": {
"name": "rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"product_id": "rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-openshift-origin-routing-daemon@0.25.1.2-1.el6op?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:1.609.1-1.el6op.src",
"product": {
"name": "jenkins-0:1.609.1-1.el6op.src",
"product_id": "jenkins-0:1.609.1-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@1.609.1-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"product": {
"name": "openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"product_id": "openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-jenkins@1.28.2.1-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"product": {
"name": "openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"product_id": "openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-broker@1.16.2.10-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"product": {
"name": "openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"product_id": "openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-jbosseap@2.26.3.1-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"product": {
"name": "openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"product_id": "openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-jbossews@1.34.3.1-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src",
"product": {
"name": "rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src",
"product_id": "rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-openshift-origin-node@1.37.1.1-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"product": {
"name": "rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"product_id": "rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-openshift-origin-frontend-apache-vhost@0.12.4.2-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"product": {
"name": "rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"product_id": "rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-openshift-origin-console@1.35.2.1-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"product": {
"name": "openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"product_id": "openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-ruby@1.32.1.1-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"product": {
"name": "openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"product_id": "openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-perl@1.30.1.1-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"product": {
"name": "openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"product_id": "openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-haproxy@1.30.1.1-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"product": {
"name": "openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"product_id": "openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-php@1.34.1.1-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"product": {
"name": "openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"product_id": "openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-node-util@1.37.2.1-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"product": {
"name": "openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"product_id": "openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-python@1.33.3.1-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"product": {
"name": "openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"product_id": "openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-mock@1.22.1.1-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"product": {
"name": "openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"product_id": "openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-diy@1.26.1.1-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"product": {
"name": "rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"product_id": "rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-openshift-origin-controller@1.37.3.1-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"product": {
"name": "rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"product_id": "rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-openshift-origin-msg-broker-mcollective@1.35.3.1-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"product": {
"name": "openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"product_id": "openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-nodejs@1.33.1.1-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "rhc-0:1.37.1.2-1.el6op.src",
"product": {
"name": "rhc-0:1.37.1.2-1.el6op.src",
"product_id": "rhc-0:1.37.1.2-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@1.37.1.2-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"product": {
"name": "rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"product_id": "rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-openshift-origin-gear-placement@0.0.2.1-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"product": {
"name": "openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"product_id": "openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-broker-util@1.36.2.2-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"product": {
"name": "openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"product_id": "openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-logshifter@1.10.1.2-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"product": {
"name": "rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"product_id": "rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-openshift-origin-routing-daemon@0.25.1.2-1.el6op?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"product": {
"name": "openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"product_id": "openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-logshifter@1.10.1.2-1.el6op?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-0:1.37.1.2-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Client 2.2",
"product_id": "6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.noarch"
},
"product_reference": "rhc-0:1.37.1.2-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-CLIENT-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-0:1.37.1.2-1.el6op.src as a component of Red Hat OpenShift Enterprise Client 2.2",
"product_id": "6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.src"
},
"product_reference": "rhc-0:1.37.1.2-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-CLIENT-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-broker-0:1.16.2.10-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.noarch"
},
"product_reference": "openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-broker-0:1.16.2.10-1.el6op.src as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.src"
},
"product_reference": "openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch"
},
"product_reference": "openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-broker-util-0:1.36.2.2-1.el6op.src as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.src"
},
"product_reference": "openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-logshifter-0:1.10.1.2-1.el6op.src as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src"
},
"product_reference": "openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64 as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64"
},
"product_reference": "openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch"
},
"product_reference": "rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src"
},
"product_reference": "rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch"
},
"product_reference": "rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src"
},
"product_reference": "rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch"
},
"product_reference": "rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src"
},
"product_reference": "rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch"
},
"product_reference": "rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src"
},
"product_reference": "rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch"
},
"product_reference": "rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src"
},
"product_reference": "rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise JBoss EAP add-on 2.2",
"product_id": "6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch"
},
"product_reference": "openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-JBOSSEAP-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src as a component of Red Hat OpenShift Enterprise JBoss EAP add-on 2.2",
"product_id": "6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src"
},
"product_reference": "openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-JBOSSEAP-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:1.609.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.noarch"
},
"product_reference": "jenkins-0:1.609.1-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:1.609.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.src"
},
"product_reference": "jenkins-0:1.609.1-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch"
},
"product_reference": "openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src"
},
"product_reference": "openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch"
},
"product_reference": "openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src"
},
"product_reference": "openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch"
},
"product_reference": "openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src"
},
"product_reference": "openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch"
},
"product_reference": "openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src"
},
"product_reference": "openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch"
},
"product_reference": "openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src"
},
"product_reference": "openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch"
},
"product_reference": "openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src"
},
"product_reference": "openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch"
},
"product_reference": "openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src"
},
"product_reference": "openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch"
},
"product_reference": "openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src"
},
"product_reference": "openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch"
},
"product_reference": "openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src"
},
"product_reference": "openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch"
},
"product_reference": "openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src"
},
"product_reference": "openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-logshifter-0:1.10.1.2-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src"
},
"product_reference": "openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64 as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64"
},
"product_reference": "openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch"
},
"product_reference": "openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-node-util-0:1.37.2.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.src"
},
"product_reference": "openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch"
},
"product_reference": "rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src"
},
"product_reference": "rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch"
},
"product_reference": "rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src"
},
"product_reference": "rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-1806",
"discovery_date": "2015-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1205620"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the combination filter Groovy script could allow a remote attacker to potentially execute arbitrary code on a Jenkins master.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins: Combination filter Groovy script unsecured (SECURITY-125)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1806"
},
{
"category": "external",
"summary": "RHBZ#1205620",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205620"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1806",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1806"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1806",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1806"
},
{
"category": "external",
"summary": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27"
}
],
"release_date": "2015-02-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-09-30T16:35:28+00:00",
"details": "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.7, for important instructions on \nhow to fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to \nuse the Red Hat Network to apply this update are available at \nhttps://access.redhat.com/articles/11258.",
"product_ids": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1844"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins: Combination filter Groovy script unsecured (SECURITY-125)"
},
{
"cve": "CVE-2015-1807",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2015-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1205622"
}
],
"notes": [
{
"category": "description",
"text": "It was found that when building artifacts, the Jenkins server would follow symbolic links, potentially resulting in disclosure of information on the server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins: directory traversal from artifacts via symlink (SECURITY-162)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1807"
},
{
"category": "external",
"summary": "RHBZ#1205622",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205622"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1807",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1807"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1807",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1807"
},
{
"category": "external",
"summary": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27"
}
],
"release_date": "2015-02-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-09-30T16:35:28+00:00",
"details": "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.7, for important instructions on \nhow to fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to \nuse the Red Hat Network to apply this update are available at \nhttps://access.redhat.com/articles/11258.",
"product_ids": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1844"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins: directory traversal from artifacts via symlink (SECURITY-162)"
},
{
"cve": "CVE-2015-1808",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2015-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1205623"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw was found in the way Jenkins handled certain update center data. An authenticated user could provide specially crafted update center data to Jenkins, causing plug-in and tool installation to not work properly.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins: update center metadata retrieval DoS attack (SECURITY-163)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1808"
},
{
"category": "external",
"summary": "RHBZ#1205623",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205623"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1808",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1808"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1808",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1808"
},
{
"category": "external",
"summary": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27"
}
],
"release_date": "2015-02-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-09-30T16:35:28+00:00",
"details": "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.7, for important instructions on \nhow to fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to \nuse the Red Hat Network to apply this update are available at \nhttps://access.redhat.com/articles/11258.",
"product_ids": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1844"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins: update center metadata retrieval DoS attack (SECURITY-163)"
},
{
"cve": "CVE-2015-1809",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2015-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1205625"
}
],
"notes": [
{
"category": "description",
"text": "It was found that Jenkins\u0027 XPath handling allowed XML External Entity (XXE) expansion. A remote attacker with read access could use this flaw to read arbitrary XML files on the Jenkins server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins: external entity injection via XPath (SECURITY-165)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1809"
},
{
"category": "external",
"summary": "RHBZ#1205625",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205625"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1809",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1809"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1809",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1809"
},
{
"category": "external",
"summary": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27"
}
],
"release_date": "2015-02-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-09-30T16:35:28+00:00",
"details": "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.7, for important instructions on \nhow to fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to \nuse the Red Hat Network to apply this update are available at \nhttps://access.redhat.com/articles/11258.",
"product_ids": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1844"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins: external entity injection via XPath (SECURITY-165)"
},
{
"cve": "CVE-2015-1810",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2015-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1205627"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the internal Jenkins user database did not restrict access to reserved names, allowing users to escalate privileges.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins: HudsonPrivateSecurityRealm allows creation of reserved names (SECURITY-166)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1810"
},
{
"category": "external",
"summary": "RHBZ#1205627",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205627"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1810",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1810"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1810",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1810"
},
{
"category": "external",
"summary": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27"
}
],
"release_date": "2015-02-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-09-30T16:35:28+00:00",
"details": "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.7, for important instructions on \nhow to fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to \nuse the Red Hat Network to apply this update are available at \nhttps://access.redhat.com/articles/11258.",
"product_ids": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1844"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins: HudsonPrivateSecurityRealm allows creation of reserved names (SECURITY-166)"
},
{
"cve": "CVE-2015-1811",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2015-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1205632"
}
],
"notes": [
{
"category": "description",
"text": "It was found that Jenkins\u0027 XML handling allowed XML External Entity (XXE) expansion. A remote attacker with the ability to pass XML data to Jenkins could use this flaw to read arbitrary XML files on the Jenkins server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins: External entity processing in XML can reveal sensitive local files (SECURITY-167)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1811"
},
{
"category": "external",
"summary": "RHBZ#1205632",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205632"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1811",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1811"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1811",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1811"
},
{
"category": "external",
"summary": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27"
}
],
"release_date": "2015-02-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-09-30T16:35:28+00:00",
"details": "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.7, for important instructions on \nhow to fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to \nuse the Red Hat Network to apply this update are available at \nhttps://access.redhat.com/articles/11258.",
"product_ids": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1844"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins: External entity processing in XML can reveal sensitive local files (SECURITY-167)"
},
{
"cve": "CVE-2015-1812",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2015-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1205615"
}
],
"notes": [
{
"category": "description",
"text": "Two cross-site scripting (XSS) flaws were found in Jenkins. A remote attacker could use these flaws to conduct XSS attacks against users of an application using Jenkins.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins: Reflective XSS vulnerability (SECURITY-171, SECURITY-177)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1812"
},
{
"category": "external",
"summary": "RHBZ#1205615",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205615"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1812",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1812"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1812",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1812"
},
{
"category": "external",
"summary": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23"
}
],
"release_date": "2015-03-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-09-30T16:35:28+00:00",
"details": "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.7, for important instructions on \nhow to fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to \nuse the Red Hat Network to apply this update are available at \nhttps://access.redhat.com/articles/11258.",
"product_ids": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1844"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins: Reflective XSS vulnerability (SECURITY-171, SECURITY-177)"
},
{
"cve": "CVE-2015-1813",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2015-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1205615"
}
],
"notes": [
{
"category": "description",
"text": "Two cross-site scripting (XSS) flaws were found in Jenkins. A remote attacker could use these flaws to conduct XSS attacks against users of an application using Jenkins.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins: Reflective XSS vulnerability (SECURITY-171, SECURITY-177)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1813"
},
{
"category": "external",
"summary": "RHBZ#1205615",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205615"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1813",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1813"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1813",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1813"
},
{
"category": "external",
"summary": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23"
}
],
"release_date": "2015-03-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-09-30T16:35:28+00:00",
"details": "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.7, for important instructions on \nhow to fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to \nuse the Red Hat Network to apply this update are available at \nhttps://access.redhat.com/articles/11258.",
"product_ids": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1844"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins: Reflective XSS vulnerability (SECURITY-171, SECURITY-177)"
},
{
"cve": "CVE-2015-1814",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2015-03-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1205616"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jenkins API token-issuing service. The service was not properly protected against anonymous users, potentially allowing remote attackers to escalate privileges.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins: forced API token change (SECURITY-180)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1814"
},
{
"category": "external",
"summary": "RHBZ#1205616",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205616"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1814",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1814"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1814",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1814"
},
{
"category": "external",
"summary": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23"
}
],
"release_date": "2015-03-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-09-30T16:35:28+00:00",
"details": "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.7, for important instructions on \nhow to fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to \nuse the Red Hat Network to apply this update are available at \nhttps://access.redhat.com/articles/11258.",
"product_ids": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1844"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.37.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.2.10-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.36.2.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.37.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-gear-placement-0:0.0.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.25.1.2-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.609.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.34.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mock-0:1.22.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.34.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.33.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-logshifter-0:1.10.1.2-1.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.37.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.12.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.37.1.1-1.el6op.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jenkins: forced API token change (SECURITY-180)"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…