Red Hat Security Advisory: Jenkins and Jenkins-2-plugins security update
🔗 CVE IDs covered (24)
📋 Description
CVE-2020-7692 — google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization CVE-2021-26291 — maven: Block repositories using http by default CVE-2022-1962 — golang: go/parser: stack exhaustion in all Parse* functions CVE-2022-25857 — snakeyaml: Denial of Service due to missing nested depth limitation for collections CVE-2022-29599 — maven-shared-utils: Command injection via Commandline class CVE-2022-42889 — apache-commons-text: variable interpolation RCE CVE-2023-2976 — guava: insecure temporary directory creation CVE-2023-20861 — springframework: Spring Expression DoS Vulnerability CVE-2023-20862 — spring-security: Empty SecurityContext Is Not Properly Saved Upon Logout CVE-2023-24422 — jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin CVE-2023-25761 — jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin CVE-2023-25762 — jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin CVE-2023-26048 — jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() CVE-2023-26049 — jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies CVE-2023-27903 — Jenkins: Temporary file parameter created with insecure permissions CVE-2023-27904 — Jenkins: Information disclosure through error stack traces related to agents CVE-2023-37947 — Jenkins: Open redirect vulnerability in OpenShift Login Plugin CVE-2023-40167 — jetty: Improper validation of HTTP/1 content-length CVE-2023-40337 — jenkins-plugins: cloudbees-folder: CSRF vulnerability in Folders Plugin CVE-2023-40338 — jenkins-plugins: cloudbees-folder: Information disclosure in Folders Plugin CVE-2023-40339 — jenkins-plugins: config-file-provider: Improper masking of credentials in Config File Provider Plugin CVE-2023-40341 — jenkins-plugins: blueocean: CSRF vulnerability in Blue Ocean Plugin allows capturing credentials CVE-2024-23897 — jenkins: Arbitrary file read vulnerability through the CLI can lead to RCE CVE-2024-23898 — jenkins: cross-site WebSocket hijacking
🔗 References (57)
- selfhttps://access.redhat.com/errata/RHSA-2024:0778
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1856376
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1955739
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2066479
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2107376
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2126789
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2135435
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2164278
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2170039
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2170041
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2177632
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2177634
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2180530
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2215229
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2222710
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2227788
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2232422
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2232423
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2232425
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2232426
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2236340
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2236341
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2239634
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2260180
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2260182
- externalhttps://issues.redhat.com/browse/JKNS-271
- externalhttps://issues.redhat.com/browse/JKNS-289
- externalhttps://issues.redhat.com/browse/OCPBUGS-10976
- externalhttps://issues.redhat.com/browse/OCPBUGS-11158
- externalhttps://issues.redhat.com/browse/OCPBUGS-11348
- externalhttps://issues.redhat.com/browse/OCPBUGS-1357
- externalhttps://issues.redhat.com/browse/OCPBUGS-13652
- externalhttps://issues.redhat.com/browse/OCPBUGS-13901
- externalhttps://issues.redhat.com/browse/OCPBUGS-14113
- externalhttps://issues.redhat.com/browse/OCPBUGS-14393
- externalhttps://issues.redhat.com/browse/OCPBUGS-14642
- externalhttps://issues.redhat.com/browse/OCPBUGS-15648
- externalhttps://issues.redhat.com/browse/OCPBUGS-1709
- externalhttps://issues.redhat.com/browse/OCPBUGS-1942
- externalhttps://issues.redhat.com/browse/OCPBUGS-2099
- externalhttps://issues.redhat.com/browse/OCPBUGS-2184
- externalhttps://issues.redhat.com/browse/OCPBUGS-2318
- externalhttps://issues.redhat.com/browse/OCPBUGS-27391
- externalhttps://issues.redhat.com/browse/OCPBUGS-3692
- externalhttps://issues.redhat.com/browse/OCPBUGS-4819
- externalhttps://issues.redhat.com/browse/OCPBUGS-4833
- externalhttps://issues.redhat.com/browse/OCPBUGS-655
- externalhttps://issues.redhat.com/browse/OCPBUGS-6632
- externalhttps://issues.redhat.com/browse/OCPBUGS-6982
- externalhttps://issues.redhat.com/browse/OCPBUGS-7016
- externalhttps://issues.redhat.com/browse/OCPBUGS-7050
- externalhttps://issues.redhat.com/browse/OCPBUGS-710
- externalhttps://issues.redhat.com/browse/OCPBUGS-8420
- externalhttps://issues.redhat.com/browse/OCPBUGS-8497
- externalhttps://issues.redhat.com/browse/OCPTOOLS-246
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0778.json