First published: Wed Jul 03 2019

This advisory contains the jenkins-2-plugins RPM packages for Red Hat OpenShift Container Platform 4.1.4. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHBA-2019:1635

Security Fix(es):

* jenkins-plugin-workflow-remote-loader: Unsafe Script Security whitelist entry in Pipeline Remote Loader Plugin (CVE-2019-10328)
* jenkins-credentials-plugin: Certificate file read vulnerability in Credentials Plugin (CVE-2019-10320)
* jenkins-plugin-token-macro: XML External Entity processing the ${XML} macro (CVE-2019-10337)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

You may download the oc tool and use it to inspect release image metadata as follows:

```
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.1.4
```

The image digest is sha256:a6c177eb007d20bb00bfd8f829e99bd40137167480112bd5ae1c25e40a4a163a

All OpenShift Container Platform 4.1 users are advised to upgrade to these updated packages and images.

Affected Software | Affected Version | How to fix |
---|---|---|
redhat/jenkins | <2-plugins-4.1.1561471763-1.el7 | 2-plugins-4.1.1561471763-1.el7 |