First published: Thu Jun 15 2023(Updated: )
Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.<br>Security Fix(es):<br><li> maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)</li> <li> json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)</li> <li> springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)</li> <li> jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin (CVE-2023-24422)</li> <li> jenkins-2-plugin: workflow-job: Stored XSS vulnerability in Pipeline: Job Plugin (CVE-2023-32977)</li> <li> jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)</li> <li> Jenkins plugin: CSRF vulnerability in Blue Ocean Plugin (CVE-2022-30953)</li> <li> Jenkins plugin: missing permission checks in Blue Ocean Plugin (CVE-2022-30954)</li> <li> jettison: parser crash by stackoverflow (CVE-2022-40149)</li> <li> net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723)</li> <li> jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)</li> <li> springframework: Spring Expression DoS Vulnerability (CVE-2023-20861)</li> <li> jenkins-2-plugin: pipeline-utility-steps: Arbitrary file write vulnerability on agents in Pipeline Utility Steps Plugin (CVE-2023-32981)</li> <li> jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/jenkins | <2-plugins-4.12.1686649756-1.el8 | 2-plugins-4.12.1686649756-1.el8 |
redhat/jenkins | <2.401.1.1686649641-3.el8 | 2.401.1.1686649641-3.el8 |
redhat/jenkins | <2-plugins-4.12.1686649756-1.el8 | 2-plugins-4.12.1686649756-1.el8 |
redhat/jenkins | <2.401.1.1686649641-3.el8 | 2.401.1.1686649641-3.el8 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.