Add 2018-04-11 advisory CVE IDs

jenkins-infra · Apr 14, 2018 · b5a99ea · b5a99ea
1 parent ad89e90
commit b5a99ea
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/content/security/advisory/2018-04-11.adoc b/content/security/advisory/2018-04-11.adoc
@@ -17,7 +17,7 @@ issues:
     severity: low
     vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
   reporter: Assaf Berg # TODO not yet confirmed
-  cve: CVE pending
+  cve: CVE-2018-1000169
   description: |
     The Jenkins CLI sent different error responses for commands with view and agent arguments depending on the existence of the specified views or agents to unauthorized users.
     This allowed attackers to determine whether views or agents with specified names exist.
@@ -29,7 +29,7 @@ issues:
     severity: medium
     vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
   reporter: Jesper den Boer
-  cve: CVE pending
+  cve: CVE-2018-1000170
   description: |
     Some JavaScript confirmation dialogs included the item name in an unsafe manner, resulting in a possible cross-site scripting vulnerability exploitable by users with permission to create or configure items.