Red Hat Security Advisory: jenkins and jenkins-2-plugins security update

CVE-2022-25857 — snakeyaml: Denial of Service due to missing nested depth limitation for collections CVE-2022-29599 — maven-shared-utils: Command injection via Commandline class CVE-2022-42889 — apache-commons-text: variable interpolation RCE CVE-2023-2976 — guava: insecure temporary directory creation CVE-2023-24422 — jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin CVE-2023-25761 — jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin CVE-2023-25762 — jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin CVE-2023-35116 — jackson-databind: denial of service via cylic dependencies CVE-2023-37946 — Jenkins: Session fixation vulnerability in OpenShift Login Plugin CVE-2023-37947 — Jenkins: Open redirect vulnerability in OpenShift Login Plugin CVE-2023-39325 — golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) CVE-2023-40336 — jenkins-plugins: cloudbees-folder: CSRF vulnerability in Folders Plugin may approve unsandboxed scripts CVE-2023-40337 — jenkins-plugins: cloudbees-folder: CSRF vulnerability in Folders Plugin CVE-2023-40338 — jenkins-plugins: cloudbees-folder: Information disclosure in Folders Plugin CVE-2023-40339 — jenkins-plugins: config-file-provider: Improper masking of credentials in Config File Provider Plugin CVE-2023-40341 — jenkins-plugins: blueocean: CSRF vulnerability in Blue Ocean Plugin allows capturing credentials CVE-2023-44487 — HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)