RHSA-2025:2223HighCVSS 8.0
Red Hat Security Advisory: Red Hat Product OCP Tools 4.12 Openshift Jenkins security update
🔗 CVE IDs covered (6)
📋 Description
CVE-2024-45339 — github.com/golang/glog: Vulnerability when creating log files in github.com/golang/glog CVE-2024-47072 — com.thoughtworks.xstream: XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream CVE-2024-47855 — json-lib: Mishandling of an unbalanced comment string in json-lib CVE-2024-52549 — jenkins-plugin/script-security: Jenkins Script Security Plugin File Disclosure Vulnerability CVE-2024-52550 — jenkins-plugin/workflow-cps: Lack of Approval Check for Rebuilt Jenkins Pipelines CVE-2024-52551 — jenkins-plugin/pipeline-model-definition: Jenkins Pipeline Declarative Plugin Allows Restart of Builds with Unapproved Jenkinsfile
🔗 References (8)
- selfhttps://access.redhat.com/errata/RHSA-2025:2223
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2316421
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2324606
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2326034
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2326043
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2326047
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_2223.json