RHSA-2024:0776HighCVSS 9.8

Red Hat Security Advisory: jenkins and jenkins-2-plugins security update

Published
February 12, 2024
Last Modified
June 6, 2026

🔗 CVE IDs covered (10)

📋 Description

CVE-2021-26291 — maven: Block repositories using http by default CVE-2022-25857 — snakeyaml: Denial of Service due to missing nested depth limitation for collections CVE-2022-29599 — maven-shared-utils: Command injection via Commandline class CVE-2022-42889 — apache-commons-text: variable interpolation RCE CVE-2023-24422 — jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin CVE-2023-25761 — jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin CVE-2023-25762 — jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin CVE-2023-37946 — Jenkins: Session fixation vulnerability in OpenShift Login Plugin CVE-2024-23897 — jenkins: Arbitrary file read vulnerability through the CLI can lead to RCE CVE-2024-23898 — jenkins: cross-site WebSocket hijacking

🔗 References (41)