Red Hat Security Advisory: jenkins and jenkins-2-plugins security update
🔗 CVE IDs covered (10)
📋 Description
CVE-2021-26291 — maven: Block repositories using http by default CVE-2022-25857 — snakeyaml: Denial of Service due to missing nested depth limitation for collections CVE-2022-29599 — maven-shared-utils: Command injection via Commandline class CVE-2022-42889 — apache-commons-text: variable interpolation RCE CVE-2023-24422 — jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin CVE-2023-25761 — jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin CVE-2023-25762 — jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin CVE-2023-37946 — Jenkins: Session fixation vulnerability in OpenShift Login Plugin CVE-2024-23897 — jenkins: Arbitrary file read vulnerability through the CLI can lead to RCE CVE-2024-23898 — jenkins: cross-site WebSocket hijacking
🔗 References (41)
- selfhttps://access.redhat.com/errata/RHSA-2024:0776
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1955739
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2066479
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2126789
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2135435
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2164278
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2170039
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2170041
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2222709
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2260180
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2260182
- externalhttps://issues.redhat.com/browse/JKNS-271
- externalhttps://issues.redhat.com/browse/JKNS-289
- externalhttps://issues.redhat.com/browse/OCPBUGS-10934
- externalhttps://issues.redhat.com/browse/OCPBUGS-11158
- externalhttps://issues.redhat.com/browse/OCPBUGS-11329
- externalhttps://issues.redhat.com/browse/OCPBUGS-11446
- externalhttps://issues.redhat.com/browse/OCPBUGS-11452
- externalhttps://issues.redhat.com/browse/OCPBUGS-1357
- externalhttps://issues.redhat.com/browse/OCPBUGS-13651
- externalhttps://issues.redhat.com/browse/OCPBUGS-13870
- externalhttps://issues.redhat.com/browse/OCPBUGS-14112
- externalhttps://issues.redhat.com/browse/OCPBUGS-14311
- externalhttps://issues.redhat.com/browse/OCPBUGS-14634
- externalhttps://issues.redhat.com/browse/OCPBUGS-15647
- externalhttps://issues.redhat.com/browse/OCPBUGS-15986
- externalhttps://issues.redhat.com/browse/OCPBUGS-1709
- externalhttps://issues.redhat.com/browse/OCPBUGS-1942
- externalhttps://issues.redhat.com/browse/OCPBUGS-2099
- externalhttps://issues.redhat.com/browse/OCPBUGS-2184
- externalhttps://issues.redhat.com/browse/OCPBUGS-2318
- externalhttps://issues.redhat.com/browse/OCPBUGS-27389
- externalhttps://issues.redhat.com/browse/OCPBUGS-655
- externalhttps://issues.redhat.com/browse/OCPBUGS-6579
- externalhttps://issues.redhat.com/browse/OCPBUGS-6870
- externalhttps://issues.redhat.com/browse/OCPBUGS-710
- externalhttps://issues.redhat.com/browse/OCPBUGS-8377
- externalhttps://issues.redhat.com/browse/OCPBUGS-8442
- externalhttps://issues.redhat.com/browse/OCPTOOLS-245
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0776.json