RHSA-2026:10215HighCVSS 8.8
Red Hat Security Advisory: Release of Red Hat OpenShift Developer Tools - Openshift Jenkins 4.18 security update.
🔗 CVE IDs covered (4)
📋 Description
CVE-2024-29371 — jose4j: jose4j: Denial of Service via malicious JSON Web Encryption (JWE) token compression CVE-2026-27099 — org.jenkins-ci.main/jenkins-core: Jenkins: Stored Cross-site Scripting (XSS) via unescaped user-provided offline cause description CVE-2026-27100 — org.jenkins-ci.main/jenkins-core: Jenkins: Information disclosure via unauthorized access to build parameters CVE-2026-33001 — jenkins: Jenkins: Arbitrary file write and potential code execution through crafted archives
🔗 References (9)
- selfhttps://access.redhat.com/errata/RHSA-2026:10215
- externalhttps://access.redhat.com/security/cve/CVE-2024-29371
- externalhttps://access.redhat.com/security/cve/CVE-2026-27099
- externalhttps://access.redhat.com/security/cve/CVE-2026-27100
- externalhttps://access.redhat.com/security/cve/CVE-2026-33001
- externalhttps://access.redhat.com/security/updates/classification/
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/jenkins
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_10215.json