[Git][security-tracker-team/security-tracker][master] NFUs

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1d56fffd by Moritz Muehlenhoff at 2022-01-13T11:54:06+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -211,33 +211,33 @@ CVE-2022-23120
 CVE-2022-23119
 	RESERVED
 CVE-2022-23118 (Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements fu ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-23117 (Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionali ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-23116 (Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionali ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-23115 (Cross-site request forgery (CSRF) vulnerabilities in Jenkins batch tas ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-23114 (Jenkins Publish Over SSH Plugin 1.22 and earlier stores password unenc ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-23113 (Jenkins Publish Over SSH Plugin 1.22 and earlier performs a validation ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-23112 (A missing permission check in Jenkins Publish Over SSH Plugin 1.22 and ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-23111 (A cross-site request forgery (CSRF) vulnerability in Jenkins Publish O ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-23110 (Jenkins Publish Over SSH Plugin 1.22 and earlier does not escape the S ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-23109 (Jenkins HashiCorp Vault Plugin 3.7.0 and earlier does not mask Vault c ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-23108 (Jenkins Badge Plugin 1.9 and earlier does not escape the description a ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-23107 (Jenkins Warnings Next Generation Plugin 9.10.2 and earlier does not re ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-23106 (Jenkins Configuration as Code Plugin 1.55 and earlier used a non-const ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-23105 (Jenkins Active Directory Plugin 2.25 and earlier does not encrypt the  ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-23102
 	RESERVED
 CVE-2022-21236
@@ -13924,25 +13924,25 @@ CVE-2021-43063 (A improper neutralization of input during web page generation ('
 CVE-2021-43062
 	RESERVED
 CVE-2022-20621 (Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencr ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-20620 (Missing permission checks in Jenkins SSH Agent Plugin 1.23 and earlier ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-20619 (A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-20618 (A missing permission check in Jenkins Bitbucket Branch Source Plugin 7 ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-20617 (Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the n ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-20616 (Jenkins Credentials Binding Plugin 1.27 and earlier does not perform a ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-20615 (Jenkins Matrix Project Plugin 1.19 and earlier does not escape HTML me ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-20614 (A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4 ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-20613 (A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Pl ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2022-20612 (A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and ...)
-	TODO: check
+	- jenkins <removed>
 CVE-2021-43061
 	RESERVED
 CVE-2021-43060



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1d56fffdf9c79d1ebf8a28c4e9b9a25ff7e2b51f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1d56fffdf9c79d1ebf8a28c4e9b9a25ff7e2b51f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220113/f3fc22cc/attachment.htm>