Red Hat Security Advisory: jenkins and jenkins-2-plugins security update
🔗 CVE IDs covered (11)
📋 Description
CVE-2022-1471 — SnakeYaml: Constructor Deserialization Remote Code Execution CVE-2022-29599 — maven-shared-utils: Command injection via Commandline class CVE-2022-42889 — apache-commons-text: variable interpolation RCE CVE-2023-24422 — jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin CVE-2023-25761 — jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin CVE-2023-25762 — jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin CVE-2023-27903 — Jenkins: Temporary file parameter created with insecure permissions CVE-2023-27904 — Jenkins: Information disclosure through error stack traces related to agents CVE-2023-37946 — Jenkins: Session fixation vulnerability in OpenShift Login Plugin CVE-2024-23897 — jenkins: Arbitrary file read vulnerability through the CLI can lead to RCE CVE-2024-23898 — jenkins: cross-site WebSocket hijacking
🔗 References (15)
- selfhttps://access.redhat.com/errata/RHSA-2024:0775
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2066479
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2135435
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2150009
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2164278
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2170039
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2170041
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2177632
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2177634
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2222709
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2260180
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2260182
- externalhttps://issues.redhat.com/browse/OCPBUGS-471
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0775.json