RHSA-2024:0775HighCVSS 9.8

Red Hat Security Advisory: jenkins and jenkins-2-plugins security update

Published
February 12, 2024
Last Modified
June 6, 2026

🔗 CVE IDs covered (11)

📋 Description

CVE-2022-1471 — SnakeYaml: Constructor Deserialization Remote Code Execution CVE-2022-29599 — maven-shared-utils: Command injection via Commandline class CVE-2022-42889 — apache-commons-text: variable interpolation RCE CVE-2023-24422 — jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin CVE-2023-25761 — jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin CVE-2023-25762 — jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin CVE-2023-27903 — Jenkins: Temporary file parameter created with insecure permissions CVE-2023-27904 — Jenkins: Information disclosure through error stack traces related to agents CVE-2023-37946 — Jenkins: Session fixation vulnerability in OpenShift Login Plugin CVE-2024-23897 — jenkins: Arbitrary file read vulnerability through the CLI can lead to RCE CVE-2024-23898 — jenkins: cross-site WebSocket hijacking

🔗 References (15)