RHSA-2023:0560: Critical: OpenShift Container Platform 4.10.51 security update

First published: Wed Feb 08 2023(Updated: )

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.<br>Security Fix(es):<br><li> jenkins-plugin/script-security: Sandbox bypass vulnerabilities in Jenkins</li> Script Security Plugin (CVE-2022-43401)<br><li> jenkins-plugin/workflow-cps: Sandbox bypass vulnerabilities in Pipeline:</li> Groovy Plugin (CVE-2022-43402)<br><li> jenkins-plugin/script-security: Sandbox bypass vulnerabilities in Jenkins</li> Script Security Plugin (CVE-2022-43403)<br><li> jenkins-plugin/script-security: Sandbox bypass vulnerabilities in Jenkins</li> Script Security Plugin (CVE-2022-43404)<br><li> jenkins-plugin/pipeline-groovy-lib: Sandbox bypass vulnerability in</li> Pipeline: Groovy Libraries Plugin (CVE-2022-43405)<br><li> jenkins-plugin/workflow-cps-global-lib: Sandbox bypass vulnerability in</li> Pipeline: Deprecated Groovy Libraries Plugin (CVE-2022-43406)<br><li> google-oauth-client: missing PKCE support in accordance with the RFC for</li> OAuth 2.0 for Native Apps can lead to improper authorization<br>(CVE-2020-7692)<br><li> snakeyaml: Denial of Service due to missing nested depth limitation for</li> collections (CVE-2022-25857)<br><li> jenkins-plugin/pipeline-input-step: CSRF protection for any URL can be</li> bypassed in Pipeline: Input Step Plugin (CVE-2022-43407)<br><li> mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)</li> <li> jenkins-plugin/script-security: Whole-script approval in Script Security</li> Plugin vulnerable to SHA-1 collisions (CVE-2022-45379)<br><li> jenkins-plugin/JUnit: Stored XSS vulnerability in JUnit Plugin</li> (CVE-2022-45380)<br><li> jenkins-plugin/pipeline-utility-steps: Arbitrary file read vulnerability</li> in Pipeline Utility Steps Plugin (CVE-2022-45381)<br><li> Jenkins plugin: CSRF vulnerability in Script Security Plugin</li> (CVE-2022-30946)<br><li> Jenkins plugin: User-scoped credentials exposed to other users by</li> Pipeline SCM API for Blue Ocean Plugin (CVE-2022-30952)<br><li> Jenkins plugin: CSRF vulnerability in Blue Ocean Plugin (CVE-2022-30953)</li> <li> Jenkins plugin: missing permission checks in Blue Ocean Plugin</li> (CVE-2022-30954)<br><li> jenkins-plugin: Cross-site Request Forgery (CSRF) in</li> org.jenkins-ci.plugins:git (CVE-2022-36882)<br><li> jenkins plugin: Lack of authentication mechanism in Git Plugin webhook</li> (CVE-2022-36883)<br><li> jenkins plugin: Lack of authentication mechanism in Git Plugin webhook</li> (CVE-2022-36884)<br><li> jenkins plugin: Non-constant time webhook signature comparison in GitHub</li> Plugin (CVE-2022-36885)<br><li> jenkins-plugin/pipeline-stage-view: CSRF protection for any URL can be</li> bypassed in Pipeline: Stage View Plugin (CVE-2022-43408)<br><li> jenkins-plugin/workflow-support: Stored XSS vulnerability in Pipeline:</li> Supporting APIs Plugin (CVE-2022-43409)<br>For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/weakness
• agent/severity
• agent/type
• agent/softwarecombine
• agent/last-modified-date
• agent/first-publish-date
• agent/remedy
• agent/title
• agent/references
• agent/description
• collector/redhat-errata
• source/Red Hat
• anchor-id/RHSA-2023:0560
• agent/software-canonical-lookup
• agent/event
• agent/trending
• agent/tags
• agent/source
• package-manager/redhat