VulnerableCode Package Details - pkg:alpm/archlinux/jenkins@2.56-1

Search for packages

Vulnerability	Summary	Fixed by
VCID-syz5-rzv5-ukhb Aliases: CVE-2017-1000356 GHSA-85wq-pqhp-hmq6	Cross-Site Request Forgery (CSRF) Jenkins is vulnerable to an issue in the Jenkins user database authentication realm.	2.57-1 Affected by 0 other vulnerabilities.
VCID-yq9y-tdnu-2uc3 Aliases: CVE-2017-1000355 GHSA-4466-8jm4-448p	Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an XStream: Java crash when trying to instantiate void/Void.	2.57-1 Affected by 0 other vulnerabilities.
VCID-ytyb-zk5y-6ub2 Aliases: CVE-2017-1000354 GHSA-r57f-7xw3-q2r9	Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to a login command which allowed impersonating any Jenkins user. The `login` command available in the remoting-based CLI stored the encrypted user name of the successfully authenticated user in a cache file used to authenticate further commands. Users with sufficient permission to create secrets in Jenkins, and download their encrypted values (e.g. with Job/Configure permission), were able to impersonate any other Jenkins user on the same instance.	2.57-1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-syz5-rzv5-ukhb
Aliases:
CVE-2017-1000356
GHSA-85wq-pqhp-hmq6

Cross-Site Request Forgery (CSRF) Jenkins is vulnerable to an issue in the Jenkins user database authentication realm.

2.57-1
Affected by 0 other vulnerabilities.

VCID-yq9y-tdnu-2uc3
Aliases:
CVE-2017-1000355
GHSA-4466-8jm4-448p

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an XStream: Java crash when trying to instantiate void/Void.

2.57-1
Affected by 0 other vulnerabilities.

VCID-ytyb-zk5y-6ub2
Aliases:
CVE-2017-1000354
GHSA-r57f-7xw3-q2r9

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to a login command which allowed impersonating any Jenkins user. The `login` command available in the remoting-based CLI stored the encrypted user name of the successfully authenticated user in a cache file used to authenticate further commands. Users with sufficient permission to create secrets in Jenkins, and download their encrypted values (e.g. with Job/Configure permission), were able to impersonate any other Jenkins user on the same instance.

2.57-1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-06T05:35:34.977656+00:00	Arch Linux Importer	Affected by	VCID-ytyb-zk5y-6ub2	https://security.archlinux.org/AVG-255	38.1.0
2026-04-06T05:35:34.954822+00:00	Arch Linux Importer	Affected by	VCID-yq9y-tdnu-2uc3	https://security.archlinux.org/AVG-255	38.1.0
2026-04-06T05:35:34.930755+00:00	Arch Linux Importer	Affected by	VCID-syz5-rzv5-ukhb	https://security.archlinux.org/AVG-255	38.1.0
2026-04-01T18:26:15.681775+00:00	Arch Linux Importer	Affected by	VCID-ytyb-zk5y-6ub2	https://security.archlinux.org/AVG-255	38.0.0
2026-04-01T18:26:15.656633+00:00	Arch Linux Importer	Affected by	VCID-yq9y-tdnu-2uc3	https://security.archlinux.org/AVG-255	38.0.0
2026-04-01T18:26:15.629753+00:00	Arch Linux Importer	Affected by	VCID-syz5-rzv5-ukhb	https://security.archlinux.org/AVG-255	38.0.0