I posted this once but it seems to have disappeared so my apologies if it 
shows up as a duplicate. I have discovered a security vulnerability in 
Jenkins (1.569). I am a sys admin, not a Jenkins admin, so I do not know 
how this link is generated and I don't want to start mucking with Jenkins 
code to fix it. When a job is created a link like this is generated:

http://jenkins.server.com:8080/job/64-bit_CHRIS_PLAY_TEST_HUV02MS/descriptorByName/hudson.scm.ExcludedRegion/checkPattern

This link is vulnerable to SQL injection. The usual way to correct this is 
to use prepared statements. In any case I am guessing this has been 
addressed already and I am looking for the fix. TIA.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/eb52c2a4-1359-4603-afa1-61dd0f39d172%40googlegroups.com.

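The remedy the post names, prepared statements, shown side by side with the string-splicing anti-pattern it replaces. This is an added example and not code from the post, from Jenkins, or from any Jenkins plugin; it uses Python's standard sqlite3 module against a constructed in-memory table of job names, so it runs offline and makes no claim about how the endpoint in the post is implemented.

```python
import sqlite3

# Constructed sample data: a tiny in-memory "jobs" table standing in for any
# application that looks up records by a user-supplied job name. The first
# name is the one from the post's URL; the rest are made up.
SAMPLE_JOBS = [
    ("64-bit_CHRIS_PLAY_TEST_HUV02MS", "chris"),
    ("nightly-build", "ci"),
    ("release-packaging", "release"),
]


def make_db():
    """Create and populate the in-memory sample database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE jobs (name TEXT PRIMARY KEY, owner TEXT)")
    conn.executemany("INSERT INTO jobs VALUES (?, ?)", SAMPLE_JOBS)
    conn.commit()
    return conn


def find_job_unsafe(conn, job_name):
    """Anti-pattern: the untrusted value is spliced into the SQL text, so the
    database parses it as part of the statement instead of treating it as data."""
    sql = "SELECT name, owner FROM jobs WHERE name = '%s'" % job_name
    return conn.execute(sql).fetchall()


def find_job_safe(conn, job_name):
    """Prepared statement: the value travels as a bound parameter. Whatever it
    contains, it is compared against the column as one literal string."""
    sql = "SELECT name, owner FROM jobs WHERE name = ?"
    return conn.execute(sql, (job_name,)).fetchall()


def demo():
    """Run both lookups with a legitimate name and with a constructed probe
    string of the kind an injection scanner reports on; return the row counts."""
    conn = make_db()
    legit = "nightly-build"
    crafted = "x' OR '1'='1"  # constructed probe input, not from the post
    return {
        "unsafe_legit": len(find_job_unsafe(conn, legit)),
        "unsafe_crafted": len(find_job_unsafe(conn, crafted)),
        "safe_legit": len(find_job_safe(conn, legit)),
        "safe_crafted": len(find_job_safe(conn, crafted)),
    }


if __name__ == "__main__":
    for key, rows in demo().items():
        print(f"{key}: {rows} row(s)")
```

With the spliced query the probe string widens the WHERE clause and every job row comes back; with the parameterized query the same string simply matches no job name. That difference, rather than any escaping of quotes, is what a prepared statement buys you, and it is the check to run when verifying that a reported injection point has actually been fixed.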