RHSA-2016:0489
Vulnerability from csaf_redhat - Published: 2016-03-22 16:49 - Updated: 2026-02-18 19:39

It was found that use of a JMS ObjectMessage does not safely handle user-supplied data when deserializing objects. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src | — | | Vendor Fix (fix), Workaround |

The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name information via a direct request.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src | — | | Vendor Fix (fix) |

Jenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible salt to generate CSRF protection tokens, which makes it easier for remote attackers to bypass the CSRF protection mechanism via a brute force attack.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src | — | | Vendor Fix (fix) |

XML external entity (XXE) vulnerability in the create-job CLI command in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to read arbitrary files via a crafted job configuration that is then used in an "XML-aware tool," as demonstrated by get-job and update-job.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src | — | | Vendor Fix (fix) |

Jenkins before 1.638 and LTS before 1.625.2 do not properly verify the shared secret used in JNLP slave connections, which allows remote attackers to connect as slaves and obtain sensitive information or possibly gain administrative access by leveraging knowledge of the name of a slave.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src | — | | Vendor Fix (fix) |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src | — |
Vendor Fix
fix
|
The sidepanel widgets in the CLI command overview and help pages in Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to the pages.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src | — |
Vendor Fix
fix
|
Directory traversal vulnerability in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to list directory contents and read arbitrary files in the Jenkins servlet resources via directory traversal sequences in a request to jnlpJars/.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src | — |
Vendor Fix
fix
|
Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens, which might allow remote administrators to gain privileges and run scripts by using an API token of another user.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src | — |
Vendor Fix
fix
|
Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to queue/api.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64 | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64 | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64 | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64 | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64 | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64 | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64 | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64 | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64 | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64 | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64 | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64 | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src | — | Vendor Fix: fix | |

Jenkins before 1.638 and LTS before 1.625.2 allow attackers to bypass intended slave-to-master access restrictions by leveraging a JNLP slave. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3665.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64 | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64 | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64 | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64 | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64 | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64 | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64 | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64 | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64 | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64 | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64 | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64 | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src | — | Vendor Fix: fix | |

Cross-site scripting (XSS) vulnerability in the slave overview page in Jenkins before 1.638 and LTS before 1.625.2 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the slave offline status message.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64 | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64 | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64 | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64 | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64 | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64 | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64 | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64 | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64 | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64 | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64 | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64 | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src | — | Vendor Fix: fix | |

Cross-site request forgery (CSRF) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via vectors related to the HTTP GET method.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64 | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64 | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64 | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64 | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64 | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64 | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64 | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64 | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64 | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64 | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64 | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64 | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src | — | Vendor Fix: fix | |

Jenkins before 1.640 and LTS before 1.625.2 allow remote attackers to bypass the CSRF protection mechanism via unspecified vectors.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64 | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64 | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64 | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64 | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src | — | Vendor Fix: fix | |
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src | — |
Vendor Fix
fix
|

The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted plugin.

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src | — |
Vendor Fix
fix
|

The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-*.jar file and the "Groovy variant in 'ysoserial'".

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Enterprise release 2.2.9, which fixes several \nsecurity issues, several bugs, and introduces feature enhancements, is \nnow available.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenShift Enterprise by Red Hat is the company\u0027s cloud computing\nPlatform-as-a-Service (PaaS) solution designed for on-premise or\nprivate cloud deployments.\n\nThe following security issue is addressed with this release:\n\nIt was found that ActiveMQ did not safely handle user supplied data \nwhen deserializing objects. A remote attacker could use this flaw to \nexecute arbitrary code with the permissions of the ActiveMQ \napplication. (CVE-2015-5254)\n\nAn update for Jenkins Continuous Integration Server that addresses a \nlarge number of security issues including XSS, CSRF, information \ndisclosure and code execution have been addressed as well. \n(CVE-2015-5317, CVE-2015-5318, CVE-2015-5319, CVE-2015-5320, \nCVE-2015-5321, CVE-2015-5322, CVE-2015-5323, CVE-2015-5324, \nCVE-2015-5325, CVE-2015-5326, CVE-2015-7537, CVE-2015-7538, \nCVE-2015-7539, CVE-2015-8103)\n\nSpace precludes documenting all of the bug fixes in this advisory. See\nthe OpenShift Enterprise Technical Notes, which will be updated\nshortly for release 2.2.9, for details about these changes:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/Technical_Notes/index.html\n\nAll OpenShift Enterprise 2 users are advised to upgrade to these \nupdated packages.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2016:0489",
"url": "https://access.redhat.com/errata/RHSA-2016:0489"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1111456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1111456"
},
{
"category": "external",
"summary": "1140816",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1140816"
},
{
"category": "external",
"summary": "1160934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1160934"
},
{
"category": "external",
"summary": "1168480",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1168480"
},
{
"category": "external",
"summary": "1169690",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1169690"
},
{
"category": "external",
"summary": "1265423",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1265423"
},
{
"category": "external",
"summary": "1265811",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1265811"
},
{
"category": "external",
"summary": "1279584",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1279584"
},
{
"category": "external",
"summary": "1282359",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282359"
},
{
"category": "external",
"summary": "1282361",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282361"
},
{
"category": "external",
"summary": "1282362",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282362"
},
{
"category": "external",
"summary": "1282363",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282363"
},
{
"category": "external",
"summary": "1282364",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282364"
},
{
"category": "external",
"summary": "1282365",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282365"
},
{
"category": "external",
"summary": "1282366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282366"
},
{
"category": "external",
"summary": "1282367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282367"
},
{
"category": "external",
"summary": "1282368",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282368"
},
{
"category": "external",
"summary": "1282369",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282369"
},
{
"category": "external",
"summary": "1282371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282371"
},
{
"category": "external",
"summary": "1283372",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283372"
},
{
"category": "external",
"summary": "1291292",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1291292"
},
{
"category": "external",
"summary": "1291795",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1291795"
},
{
"category": "external",
"summary": "1291797",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1291797"
},
{
"category": "external",
"summary": "1291798",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1291798"
},
{
"category": "external",
"summary": "1294513",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1294513"
},
{
"category": "external",
"summary": "1299014",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1299014"
},
{
"category": "external",
"summary": "1299095",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1299095"
},
{
"category": "external",
"summary": "1302787",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302787"
},
{
"category": "external",
"summary": "1305688",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1305688"
},
{
"category": "external",
"summary": "1307174",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1307174"
},
{
"category": "external",
"summary": "1307175",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1307175"
},
{
"category": "external",
"summary": "1308716",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1308716"
},
{
"category": "external",
"summary": "1308718",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1308718"
},
{
"category": "external",
"summary": "1308720",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1308720"
},
{
"category": "external",
"summary": "1308722",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1308722"
},
{
"category": "external",
"summary": "1308739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1308739"
},
{
"category": "external",
"summary": "1310247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1310247"
},
{
"category": "external",
"summary": "1310266",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1310266"
},
{
"category": "external",
"summary": "1310841",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1310841"
},
{
"category": "external",
"summary": "1314535",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1314535"
},
{
"category": "external",
"summary": "1314546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1314546"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_0489.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Enterprise 2.2.9 security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2026-02-18T19:39:17+00:00",
"generator": {
"date": "2026-02-18T19:39:17+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2016:0489",
"initial_release_date": "2016-03-22T16:49:04+00:00",
"revision_history": [
{
"date": "2016-03-22T16:49:04+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2016-03-22T16:49:04+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-18T19:39:17+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Enterprise Infrastructure 2.2",
"product": {
"name": "Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:2.0::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenShift Enterprise Node 2.2",
"product": {
"name": "Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:2.0::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenShift Enterprise Client 2.2",
"product": {
"name": "Red Hat OpenShift Enterprise Client 2.2",
"product_id": "6Server-RHOSE-CLIENT-2.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:2.0::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"product": {
"name": "openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"product_id": "openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-enterprise-upgrade@2.2.9-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src",
"product": {
"name": "openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src",
"product_id": "openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-php@1.35.3.1-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src",
"product": {
"name": "openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src",
"product_id": "openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-node-proxy@1.26.2.1-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src",
"product": {
"name": "openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src",
"product_id": "openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-haproxy@1.31.5.1-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src",
"product": {
"name": "openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src",
"product_id": "openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-mysql@1.31.2.1-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src",
"product": {
"name": "rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src",
"product_id": "rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-openshift-origin-console@1.35.5.1-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src",
"product": {
"name": "rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src",
"product_id": "rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-openshift-origin-controller@1.38.5.1-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "rhc-0:1.38.6.1-1.el6op.src",
"product": {
"name": "rhc-0:1.38.6.1-1.el6op.src",
"product_id": "rhc-0:1.38.6.1-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@1.38.6.1-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "php-0:5.3.3-46.el6_7.1.src",
"product": {
"name": "php-0:5.3.3-46.el6_7.1.src",
"product_id": "php-0:5.3.3-46.el6_7.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php@5.3.3-46.el6_7.1?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src",
"product": {
"name": "openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src",
"product_id": "openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-python@1.34.2.1-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-broker-util-0:1.37.5.3-1.el6op.src",
"product": {
"name": "openshift-origin-broker-util-0:1.37.5.3-1.el6op.src",
"product_id": "openshift-origin-broker-util-0:1.37.5.3-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-broker-util@1.37.5.3-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src",
"product": {
"name": "openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src",
"product_id": "openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-cron@1.25.2.1-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"product": {
"name": "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"product_id": "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-openshift-origin-common@1.29.5.2-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src",
"product": {
"name": "openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src",
"product_id": "openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-msg-node-mcollective@1.30.2.1-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src",
"product": {
"name": "rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src",
"product_id": "rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-openshift-origin-node@1.38.5.3-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-node-util-0:1.38.6.2-1.el6op.src",
"product": {
"name": "openshift-origin-node-util-0:1.38.6.2-1.el6op.src",
"product_id": "openshift-origin-node-util-0:1.38.6.2-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-node-util@1.38.6.2-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "activemq-0:5.9.0-6.redhat.611454.el6op.src",
"product": {
"name": "activemq-0:5.9.0-6.redhat.611454.el6op.src",
"product_id": "activemq-0:5.9.0-6.redhat.611454.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/activemq@5.9.0-6.redhat.611454.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "jenkins-0:1.625.3-1.el6op.src",
"product": {
"name": "jenkins-0:1.625.3-1.el6op.src",
"product_id": "jenkins-0:1.625.3-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@1.625.3-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src",
"product": {
"name": "rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src",
"product_id": "rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-openshift-origin-frontend-apache-vhost@0.13.2.1-1.el6op?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"product": {
"name": "openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"product_id": "openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-enterprise-release@2.2.9-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"product": {
"name": "openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"product_id": "openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-enterprise-upgrade-node@2.2.9-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"product": {
"name": "openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"product_id": "openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-enterprise-yum-validator@2.2.9-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"product": {
"name": "openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"product_id": "openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-enterprise-upgrade-broker@2.2.9-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch",
"product": {
"name": "openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch",
"product_id": "openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-php@1.35.3.1-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch",
"product": {
"name": "openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch",
"product_id": "openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-node-proxy@1.26.2.1-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch",
"product": {
"name": "openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch",
"product_id": "openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-haproxy@1.31.5.1-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch",
"product": {
"name": "openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch",
"product_id": "openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-mysql@1.31.2.1-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch",
"product": {
"name": "rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch",
"product_id": "rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-openshift-origin-console@1.35.5.1-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch",
"product": {
"name": "rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch",
"product_id": "rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-openshift-origin-controller@1.38.5.1-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhc-0:1.38.6.1-1.el6op.noarch",
"product": {
"name": "rhc-0:1.38.6.1-1.el6op.noarch",
"product_id": "rhc-0:1.38.6.1-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@1.38.6.1-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch",
"product": {
"name": "openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch",
"product_id": "openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-python@1.34.2.1-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch",
"product": {
"name": "openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch",
"product_id": "openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-broker-util@1.37.5.3-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch",
"product": {
"name": "openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch",
"product_id": "openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-cron@1.25.2.1-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"product": {
"name": "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"product_id": "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-openshift-origin-common@1.29.5.2-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch",
"product": {
"name": "openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch",
"product_id": "openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-msg-node-mcollective@1.30.2.1-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch",
"product": {
"name": "rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch",
"product_id": "rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-openshift-origin-node@1.38.5.3-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch",
"product": {
"name": "openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch",
"product_id": "openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-node-util@1.38.6.2-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jenkins-0:1.625.3-1.el6op.noarch",
"product": {
"name": "jenkins-0:1.625.3-1.el6op.noarch",
"product_id": "jenkins-0:1.625.3-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@1.625.3-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch",
"product": {
"name": "rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch",
"product_id": "rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-openshift-origin-frontend-apache-vhost@0.13.2.1-1.el6op?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "php-intl-0:5.3.3-46.el6_7.1.x86_64",
"product": {
"name": "php-intl-0:5.3.3-46.el6_7.1.x86_64",
"product_id": "php-intl-0:5.3.3-46.el6_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-intl@5.3.3-46.el6_7.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-process-0:5.3.3-46.el6_7.1.x86_64",
"product": {
"name": "php-process-0:5.3.3-46.el6_7.1.x86_64",
"product_id": "php-process-0:5.3.3-46.el6_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-process@5.3.3-46.el6_7.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-fpm-0:5.3.3-46.el6_7.1.x86_64",
"product": {
"name": "php-fpm-0:5.3.3-46.el6_7.1.x86_64",
"product_id": "php-fpm-0:5.3.3-46.el6_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-fpm@5.3.3-46.el6_7.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-devel-0:5.3.3-46.el6_7.1.x86_64",
"product": {
"name": "php-devel-0:5.3.3-46.el6_7.1.x86_64",
"product_id": "php-devel-0:5.3.3-46.el6_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-devel@5.3.3-46.el6_7.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-bcmath-0:5.3.3-46.el6_7.1.x86_64",
"product": {
"name": "php-bcmath-0:5.3.3-46.el6_7.1.x86_64",
"product_id": "php-bcmath-0:5.3.3-46.el6_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-bcmath@5.3.3-46.el6_7.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-debuginfo-0:5.3.3-46.el6_7.1.x86_64",
"product": {
"name": "php-debuginfo-0:5.3.3-46.el6_7.1.x86_64",
"product_id": "php-debuginfo-0:5.3.3-46.el6_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-debuginfo@5.3.3-46.el6_7.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-imap-0:5.3.3-46.el6_7.1.x86_64",
"product": {
"name": "php-imap-0:5.3.3-46.el6_7.1.x86_64",
"product_id": "php-imap-0:5.3.3-46.el6_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-imap@5.3.3-46.el6_7.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "php-mbstring-0:5.3.3-46.el6_7.1.x86_64",
"product": {
"name": "php-mbstring-0:5.3.3-46.el6_7.1.x86_64",
"product_id": "php-mbstring-0:5.3.3-46.el6_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/php-mbstring@5.3.3-46.el6_7.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"product": {
"name": "activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"product_id": "activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/activemq-client@5.9.0-6.redhat.611454.el6op?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"product": {
"name": "activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"product_id": "activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/activemq@5.9.0-6.redhat.611454.el6op?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-0:1.38.6.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Client 2.2",
"product_id": "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch"
},
"product_reference": "rhc-0:1.38.6.1-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-CLIENT-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-0:1.38.6.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Client 2.2",
"product_id": "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src"
},
"product_reference": "rhc-0:1.38.6.1-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-CLIENT-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "activemq-0:5.9.0-6.redhat.611454.el6op.src as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src"
},
"product_reference": "activemq-0:5.9.0-6.redhat.611454.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "activemq-0:5.9.0-6.redhat.611454.el6op.x86_64 as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64"
},
"product_reference": "activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64 as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64"
},
"product_reference": "activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-enterprise-release-0:2.2.9-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch"
},
"product_reference": "openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-enterprise-upgrade-0:2.2.9-1.el6op.src as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src"
},
"product_reference": "openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch"
},
"product_reference": "openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch"
},
"product_reference": "openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch"
},
"product_reference": "openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch"
},
"product_reference": "openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-broker-util-0:1.37.5.3-1.el6op.src as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src"
},
"product_reference": "openshift-origin-broker-util-0:1.37.5.3-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch"
},
"product_reference": "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src"
},
"product_reference": "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch"
},
"product_reference": "rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src"
},
"product_reference": "rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch"
},
"product_reference": "rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src"
},
"product_reference": "rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "activemq-0:5.9.0-6.redhat.611454.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src"
},
"product_reference": "activemq-0:5.9.0-6.redhat.611454.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "activemq-0:5.9.0-6.redhat.611454.el6op.x86_64 as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64"
},
"product_reference": "activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64 as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64"
},
"product_reference": "activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:1.625.3-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch"
},
"product_reference": "jenkins-0:1.625.3-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:1.625.3-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src"
},
"product_reference": "jenkins-0:1.625.3-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-enterprise-release-0:2.2.9-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch"
},
"product_reference": "openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-enterprise-upgrade-0:2.2.9-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src"
},
"product_reference": "openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch"
},
"product_reference": "openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch"
},
"product_reference": "openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch"
},
"product_reference": "openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch"
},
"product_reference": "openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src"
},
"product_reference": "openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch"
},
"product_reference": "openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src"
},
"product_reference": "openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch"
},
"product_reference": "openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src"
},
"product_reference": "openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch"
},
"product_reference": "openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src"
},
"product_reference": "openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch"
},
"product_reference": "openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src"
},
"product_reference": "openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch"
},
"product_reference": "openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src"
},
"product_reference": "openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch"
},
"product_reference": "openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src"
},
"product_reference": "openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch"
},
"product_reference": "openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-node-util-0:1.38.6.2-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src"
},
"product_reference": "openshift-origin-node-util-0:1.38.6.2-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-0:5.3.3-46.el6_7.1.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src"
},
"product_reference": "php-0:5.3.3-46.el6_7.1.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-bcmath-0:5.3.3-46.el6_7.1.x86_64 as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64"
},
"product_reference": "php-bcmath-0:5.3.3-46.el6_7.1.x86_64",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-debuginfo-0:5.3.3-46.el6_7.1.x86_64 as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64"
},
"product_reference": "php-debuginfo-0:5.3.3-46.el6_7.1.x86_64",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-devel-0:5.3.3-46.el6_7.1.x86_64 as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64"
},
"product_reference": "php-devel-0:5.3.3-46.el6_7.1.x86_64",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-fpm-0:5.3.3-46.el6_7.1.x86_64 as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64"
},
"product_reference": "php-fpm-0:5.3.3-46.el6_7.1.x86_64",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-imap-0:5.3.3-46.el6_7.1.x86_64 as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64"
},
"product_reference": "php-imap-0:5.3.3-46.el6_7.1.x86_64",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-intl-0:5.3.3-46.el6_7.1.x86_64 as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64"
},
"product_reference": "php-intl-0:5.3.3-46.el6_7.1.x86_64",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-mbstring-0:5.3.3-46.el6_7.1.x86_64 as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64"
},
"product_reference": "php-mbstring-0:5.3.3-46.el6_7.1.x86_64",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "php-process-0:5.3.3-46.el6_7.1.x86_64 as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64"
},
"product_reference": "php-process-0:5.3.3-46.el6_7.1.x86_64",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch"
},
"product_reference": "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src"
},
"product_reference": "rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch"
},
"product_reference": "rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src"
},
"product_reference": "rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch"
},
"product_reference": "rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src"
},
"product_reference": "rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-5254",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2015-12-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1291292"
}
],
"notes": [
{
"category": "description",
"text": "It was found that use of a JMS ObjectMessage does not safely handle user supplied data when deserializing objects. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ObjectMessage: unsafe deserialization",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A malicious message producer needs to authenticate to EAP in order to send messages. Also, the use of JMS ObjectMessage needs to be chosen by the developer of the application. Therefore this issue is rated as moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src",
"6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-5254"
},
{
"category": "external",
"summary": "RHBZ#1291292",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1291292"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-5254",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5254"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-5254",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5254"
},
{
"category": "external",
"summary": "http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt",
"url": "http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt"
}
],
"release_date": "2015-12-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-03-22T16:49:04+00:00",
"details": "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src",
"6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0489"
},
{
"category": "workaround",
"details": "If you do deploy a JMS publisher, and subscriber, and don\u0027t trust the messages sent to you by your clients, you could mitigate this issue by installing a Java agent which restricts the classes which can be deserialized. This is an article with the recommended approach:\n\nhttps://access.redhat.com/solutions/2190911\n\nYou could also mitigate this issue using the features of the Java Virtual Machine added in JEP 290:\n\nhttp://openjdk.java.net/jeps/290",
"product_ids": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src",
"6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src",
"6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ObjectMessage: unsafe deserialization"
},
{
"cve": "CVE-2015-5317",
"discovery_date": "2015-11-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1282359"
}
],
"notes": [
{
"category": "description",
"text": "The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name information via a direct request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins: Project name disclosure via fingerprints (SECURITY-153)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src",
"6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-5317"
},
{
"category": "external",
"summary": "RHBZ#1282359",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282359"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-5317",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5317"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-5317",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5317"
},
{
"category": "external",
"summary": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2015-11-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-03-22T16:49:04+00:00",
"details": "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src",
"6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0489"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src",
"6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-05-12T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Low"
}
],
"title": "jenkins: Project name disclosure via fingerprints (SECURITY-153)"
},
{
"cve": "CVE-2015-5318",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"discovery_date": "2015-11-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1282361"
}
],
"notes": [
{
"category": "description",
"text": "Jenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible salt to generate CSRF protection tokens, which makes it easier for remote attackers to bypass the CSRF protection mechanism via a brute force attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins: Public value used for CSRF protection salt (SECURITY-169)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src",
"6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-5318"
},
{
"category": "external",
"summary": "RHBZ#1282361",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282361"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-5318",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5318"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-5318",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5318"
},
{
"category": "external",
"summary": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11"
}
],
"release_date": "2015-11-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-03-22T16:49:04+00:00",
"details": "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src",
"6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0489"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src",
"6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins: Public value used for CSRF protection salt (SECURITY-169)"
},
{
"cve": "CVE-2015-5319",
"discovery_date": "2015-11-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1282362"
}
],
"notes": [
{
"category": "description",
"text": "XML external entity (XXE) vulnerability in the create-job CLI command in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to read arbitrary files via a crafted job configuration that is then used in an \"XML-aware tool,\" as demonstrated by get-job and update-job.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins: XXE injection into job configurations via CLI (SECURITY-173)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src",
"6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-5319"
},
{
"category": "external",
"summary": "RHBZ#1282362",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282362"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-5319",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5319"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-5319",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5319"
},
{
"category": "external",
"summary": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11"
}
],
"release_date": "2015-11-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-03-22T16:49:04+00:00",
"details": "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src",
"6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0489"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src",
"6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jenkins: XXE injection into job configurations via CLI (SECURITY-173)"
},
{
"cve": "CVE-2015-5320",
"discovery_date": "2015-11-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1282363"
}
],
"notes": [
{
"category": "description",
"text": "Jenkins before 1.638 and LTS before 1.625.2 do not properly verify the shared secret used in JNLP slave connections, which allows remote attackers to connect as slaves and obtain sensitive information or possibly gain administrative access by leveraging knowledge of the name of a slave.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins: Secret key not verified when connecting a slave (SECURITY-184)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src",
"6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-5320"
},
{
"category": "external",
"summary": "RHBZ#1282363",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282363"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-5320",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5320"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-5320",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5320"
},
{
"category": "external",
"summary": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11"
}
],
"release_date": "2015-11-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-03-22T16:49:04+00:00",
"details": "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src",
"6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0489"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src",
"6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jenkins: Secret key not verified when connecting a slave (SECURITY-184)"
},
{
"cve": "CVE-2015-5321",
"discovery_date": "2015-11-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1282364"
}
],
"notes": [
{
"category": "description",
"text": "The sidepanel widgets in the CLI command overview and help pages in Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to the pages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins: Information disclosure via sidepanel (SECURITY-192)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src",
"6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-5321"
},
{
"category": "external",
"summary": "RHBZ#1282364",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282364"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-5321",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5321"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-5321",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5321"
},
{
"category": "external",
"summary": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11"
}
],
"release_date": "2015-11-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-03-22T16:49:04+00:00",
"details": "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src",
"6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0489"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src",
"6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins: Information disclosure via sidepanel (SECURITY-192)"
},
{
"cve": "CVE-2015-5322",
"discovery_date": "2015-11-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1282365"
}
],
"notes": [
{
"category": "description",
"text": "Directory traversal vulnerability in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to list directory contents and read arbitrary files in the Jenkins servlet resources via directory traversal sequences in a request to jnlpJars/.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins: Local file inclusion vulnerability (SECURITY-195)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src",
"6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-5322"
},
{
"category": "external",
"summary": "RHBZ#1282365",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282365"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-5322",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5322"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-5322",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5322"
},
{
"category": "external",
"summary": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11"
}
],
"release_date": "2015-11-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-03-22T16:49:04+00:00",
"details": "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src",
"6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0489"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src",
"6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jenkins: Local file inclusion vulnerability (SECURITY-195)"
},
{
"cve": "CVE-2015-5323",
"discovery_date": "2015-11-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1282366"
}
],
"notes": [
{
"category": "description",
"text": "Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins: API tokens of other users available to admins (SECURITY-200)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src",
"6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-5323"
},
{
"category": "external",
"summary": "RHBZ#1282366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282366"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-5323",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5323"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-5323",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5323"
},
{
"category": "external",
"summary": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11"
}
],
"release_date": "2015-11-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-03-22T16:49:04+00:00",
"details": "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src",
"6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0489"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src",
"6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins: API tokens of other users available to admins (SECURITY-200)"
},
{
"cve": "CVE-2015-5324",
"discovery_date": "2015-11-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1282367"
}
],
"notes": [
{
"category": "description",
"text": "Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to queue/api.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins: Queue API did show items not visible to the current user (SECURITY-186)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src",
"6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-5324"
},
{
"category": "external",
"summary": "RHBZ#1282367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282367"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-5324",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5324"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-5324",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5324"
},
{
"category": "external",
"summary": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11"
}
],
"release_date": "2015-11-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-03-22T16:49:04+00:00",
"details": "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src",
"6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0489"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src",
"6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins: Queue API did show items not visible to the current user (SECURITY-186)"
},
{
"cve": "CVE-2015-5325",
"discovery_date": "2015-11-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1282368"
}
],
"notes": [
{
"category": "description",
"text": "Jenkins before 1.638 and LTS before 1.625.2 allow attackers to bypass intended slave-to-master access restrictions by leveraging a JNLP slave. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3665.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins: JNLP slaves not subject to slave-to-master access control (SECURITY-206)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src",
"6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-5325"
},
{
"category": "external",
"summary": "RHBZ#1282368",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282368"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-5325",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-5325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5325"
},
{
"category": "external",
"summary": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11"
}
],
"release_date": "2015-11-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-03-22T16:49:04+00:00",
"details": "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src",
"6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0489"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src",
"6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins: JNLP slaves not subject to slave-to-master access control (SECURITY-206)"
},
{
"cve": "CVE-2015-5326",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
},
"discovery_date": "2015-11-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1282369"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in the slave overview page in Jenkins before 1.638 and LTS before 1.625.2 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the slave offline status message.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins: Stored XSS vulnerability in slave offline status message (SECURITY-214)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src",
"6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-5326"
},
{
"category": "external",
"summary": "RHBZ#1282369",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282369"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-5326",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5326"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-5326",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5326"
},
{
"category": "external",
"summary": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11"
}
],
"release_date": "2015-11-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-03-22T16:49:04+00:00",
"details": "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src",
"6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0489"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src",
"6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jenkins: Stored XSS vulnerability in slave offline status message (SECURITY-214)"
},
{
"cve": "CVE-2015-7537",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"discovery_date": "2015-12-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1291795"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site request forgery (CSRF) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via vectors related to the HTTP GET method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins: CSRF vulnerability in some administrative actions (SECURITY-225)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src",
"6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7537"
},
{
"category": "external",
"summary": "RHBZ#1291795",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1291795"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7537",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7537"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7537",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7537"
},
{
"category": "external",
"summary": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09"
}
],
"release_date": "2015-12-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-03-22T16:49:04+00:00",
"details": "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src",
"6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0489"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src",
"6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins: CSRF vulnerability in some administrative actions (SECURITY-225)"
},
{
"cve": "CVE-2015-7538",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"discovery_date": "2015-12-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1291797"
}
],
"notes": [
{
"category": "description",
"text": "Jenkins before 1.640 and LTS before 1.625.2 allow remote attackers to bypass the CSRF protection mechanism via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins: CSRF protection ineffective (SECURITY-233)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src",
"6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7538"
},
{
"category": "external",
"summary": "RHBZ#1291797",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1291797"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7538",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7538"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7538",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7538"
},
{
"category": "external",
"summary": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09"
}
],
"release_date": "2015-12-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-03-22T16:49:04+00:00",
"details": "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src",
"6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0489"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src",
"6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins: CSRF protection ineffective (SECURITY-233)"
},
{
"cve": "CVE-2015-7539",
"discovery_date": "2015-12-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1291798"
}
],
"notes": [
{
"category": "description",
"text": "The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted plugin.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins: Jenkins plugin manager vulnerable to MITM attacks (SECURITY-234)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src",
"6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7539"
},
{
"category": "external",
"summary": "RHBZ#1291798",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1291798"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7539",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7539"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7539",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7539"
},
{
"category": "external",
"summary": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09"
}
],
"release_date": "2015-12-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-03-22T16:49:04+00:00",
"details": "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src",
"6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0489"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src",
"6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins: Jenkins plugin manager vulnerable to MITM attacks (SECURITY-234)"
},
{
"cve": "CVE-2015-8103",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2015-11-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1282371"
}
],
"notes": [
{
"category": "description",
"text": "The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-*.jar file and the \"Groovy variant in \u0027ysoserial\u0027\".",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins: Remote code execution vulnerability due to unsafe deserialization in Jenkins remoting (SECURITY-218)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src",
"6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-8103"
},
{
"category": "external",
"summary": "RHBZ#1282371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282371"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-8103",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8103"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-8103",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8103"
},
{
"category": "external",
"summary": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11"
}
],
"release_date": "2015-11-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-03-22T16:49:04+00:00",
"details": "Before applying this update, make sure all previously released \nerrata relevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be \nupdated shortly for release 2.2.9, for important instructions on how \nto fully apply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at: \nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src",
"6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0489"
},
{
"category": "workaround",
"details": "https://jenkins-ci.org/content/mitigating-unauthenticated-remote-code-execution-0-day-jenkins-cli",
"product_ids": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src",
"6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.6.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.5.3-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-console-0:1.35.5.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611454.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.625.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-release-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-0:2.2.9-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-broker-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-upgrade-node-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-enterprise-yum-validator-0:2.2.9-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.5.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:php-0:5.3.3-46.el6_7.1.src",
"6Server-RHOSE-NODE-2.2:php-bcmath-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-debuginfo-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-devel-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-fpm-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-imap-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-intl-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-mbstring-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:php-process-0:5.3.3-46.el6_7.1.x86_64",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-common-0:1.29.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-apache-vhost-0:0.13.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.5.3-1.el6op.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jenkins: Remote code execution vulnerability due to unsafe deserialization in Jenkins remoting (SECURITY-218)"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.