This is not an SQL injection; the configuration page calls all checks for form validation: https://wiki.jenkins-ci.org/display/JENKINS/Form+Validation

On Tuesday, February 3, 2015 at 9:35:15 PM UTC+3, Daniel Beck wrote:
> Just to clear this up, since it was reported publicly:
>
> This appears to be from the CVS plugin and is clearly a false positive:
>
> https://github.com/jenkinsci/cvs-plugin/blob/master/src/main/java/hudson/scm/ExcludedRegion.java#L100
>
> It seems the scanner mistakes printing parts of the input (to return a
> helpful error message about an invalid regex to the user) as SQL injection
> for some reason.
>
> On 03.02.2015, at 15:54, Wt Riker <wtrik...@gmail.com> wrote:
>
> > I posted this once but it seems to have disappeared so my apologies if
> > it shows up as a duplicate. I have discovered a security vulnerability in
> > Jenkins (1.569). I am a sys admin, not a Jenkins admin, so I do not know
> > how this link is generated and I don't want to start mucking with Jenkins
> > code to fix it. When a job is created a link like this is generated:
> >
> > http://jenkins.server.com:8080/job/64-bit_CHRIS_PLAY_TEST_HUV02MS/descriptorByName/hudson.scm.ExcludedRegion/checkPattern
> >
> > This link is vulnerable to SQL injection. The usual way to correct this
> > is to use prepared statements. In any case I am guessing this has been
> > addressed already and I am looking for the fix. TIA.