Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2023:1064
HistoryMar 06, 2023 - 8:55 a.m.

(RHSA-2023:1064) Critical: OpenShift Developer Tools and Services for OCP 4.12 security update

2023-03-0608:55:13
access.redhat.com
37
openshift developer tools
ocp 4.12
security update
jenkins
sandbox bypass vulnerabilities
pipeline groovy plugin
cve-2022-43401
cve-2022-43402
cve-2022-43403
cve-2022-43404
cve-2022-43405
cve-2022-43406
cve-2022-29047
cve-2022-43407
cve-2022-45047
cve-2022-30952
cve-2022-42003
cve-2022-42004
cve-2022-43408
cve-2022-43409
cve-2022-43410
cvss score
references section
unix

0.01 Low

EPSS

Percentile

83.7%

JSON

Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.

Security Fix(es):

  • jenkins-plugin/script-security: Sandbox bypass vulnerabilities in Jenkins Script Security Plugin (CVE-2022-43401)

  • jenkins-plugin/workflow-cps: Sandbox bypass vulnerabilities in Pipeline: Groovy Plugin (CVE-2022-43402)

  • jenkins-plugin/script-security: Sandbox bypass vulnerabilities in Jenkins Script Security Plugin (CVE-2022-43403)

  • jenkins-plugin/script-security: Sandbox bypass vulnerabilities in Jenkins Script Security Plugin (CVE-2022-43404)

  • jenkins-plugin/pipeline-groovy-lib: Sandbox bypass vulnerability in Pipeline: Groovy Libraries Plugin (CVE-2022-43405)

  • jenkins-plugin/workflow-cps-global-lib: Sandbox bypass vulnerability in Pipeline: Deprecated Groovy Libraries Plugin (CVE-2022-43406)

  • Pipeline Shared Groovy Libraries: Untrusted users can modify some Pipeline libraries in Pipeline Shared Groovy Libraries Plugin (CVE-2022-29047)

  • jenkins-plugin/pipeline-input-step: CSRF protection for any URL can be bypassed in Pipeline: Input Step Plugin (CVE-2022-43407)

  • mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)

  • Jenkins plugin: User-scoped credentials exposed to other users by Pipeline SCM API for Blue Ocean Plugin (CVE-2022-30952)

  • jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)

  • jackson-databind: use of deeply nested arrays (CVE-2022-42004)

  • jenkins-plugin/pipeline-stage-view: CSRF protection for any URL can be bypassed in Pipeline: Stage View Plugin (CVE-2022-43408)

  • jenkins-plugin/workflow-support: Stored XSS vulnerability in Pipeline: Supporting APIs Plugin (CVE-2022-43409)

  • jenkins-plugin/mercurial: Webhook endpoint discloses job names to unauthorized users in Mercurial Plugin (CVE-2022-43410)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Related

nessus 19
github 13
osv 22
redhat 6
ibm 36
openvas 4
gentoo 1
mageia 1
debian 2
cve 13
prion 14
alpinelinux 9
veracode 13
cvelist 13
redhatcve 13
nvd 13
cbl_mariner 2
cnvd 2
f5 1
atlassian 2
nessus
nessus
RHEL 8 : OpenShift Developer Tools and Services for OCP 4.12 (RHSA-2023:1064)
2024-04-28 00:00:00
RHCOS 4 : OpenShift Container Platform 4.10.51 (RHSA-2023:0560)
2024-01-24 00:00:00
Oracle GoldenGate (April 2023 CPU)
2023-04-19 00:00:00
github
github
Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin
2022-10-19 19:00:21
Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin
2022-10-19 19:00:21
CSRF protection for any URL can be bypassed in Jenkins Pipeline: Input Step Plugin
2022-10-19 19:00:22
osv
osv
Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin
2022-10-19 19:00:21
Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin
2022-10-19 19:00:21
jackson-databind - security update
2022-11-27 00:00:00
redhat
redhat
(RHSA-2023:3198) Critical: jenkins and jenkins-2-plugins security update
2023-05-17 17:46:13
(RHSA-2023:0560) Critical: OpenShift Container Platform 4.10.51 security update
2023-02-08 18:32:53
(RHSA-2023:0777) Critical: OpenShift Container Platform 4.9.56 security update
2023-02-22 23:54:53
ibm
ibm
Security Bulletin: IBM Storage Protect Server is vulnerable to denial of service due to FasterXML jackson-databind (CVE-2022-42004, CVE-2022-42003)
2023-06-22 18:28:22
Security Bulletin: IBM Tivoli Netcool/OMNIbus Probe and Integrations Library are affected by vulnerabilities in FasterXML jackson-databind (CVE-2022-42004, CVE-2022-42003)
2022-12-14 01:45:31
Security Bulletin: There are several vulnerabilities in jackson-databind used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-42003, CVE-2022-42004)
2023-05-02 21:10:24
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:3995-1)
2022-11-16 00:00:00
Debian: Security Advisory (DSA-5283-1)
2022-11-18 00:00:00
Mageia: Security Advisory (MGASA-2024-0069)
2024-03-18 00:00:00
gentoo
gentoo
FasterXML jackson-databind: Multiple vulnerabilities
2022-10-31 00:00:00
mageia
mageia
Updated jackson-databind packages fix security vulnerabilities
2024-03-16 19:28:17
debian
debian
[SECURITY] [DLA 3207-1] jackson-databind security update
2022-11-27 18:53:52
[SECURITY] [DSA 5283-1] jackson-databind security update
2022-11-17 11:17:07
cve
cve
CVE-2022-43407
2022-10-19 16:15:10
CVE-2022-43401
2022-10-19 16:15:10
CVE-2022-43406
2022-10-19 16:15:10
prion
prion
Cross site request forgery (csrf)
2022-10-19 16:15:00
Security feature bypass
2022-10-19 16:15:00
Design/Logic Flaw
2022-10-19 16:15:00
alpinelinux
alpinelinux
CVE-2022-43404
2022-10-19 16:15:10
CVE-2022-43410
2022-10-19 16:15:10
CVE-2022-43403
2022-10-19 16:15:10
veracode
veracode
Authorization Bypass
2022-10-20 15:26:59
Sandbox Bypass
2022-10-20 11:23:44
Information Disclosure
2023-03-24 00:52:33
cvelist
cvelist
CVE-2022-43408
2022-10-19 00:00:00
CVE-2022-43406
2022-10-19 00:00:00
CVE-2022-43407
2022-10-19 00:00:00
redhatcve
redhatcve
CVE-2022-43403
2022-10-20 06:47:29
CVE-2022-43407
2022-10-20 07:17:15
CVE-2022-43406
2022-10-20 06:17:16
nvd
nvd
CVE-2022-43406
2022-10-19 16:15:10
CVE-2022-43403
2022-10-19 16:15:10
CVE-2022-43408
2022-10-19 16:15:10
cbl_mariner
cbl_mariner
CVE-2022-43410 affecting package mercurial 6.0.3-2
2024-07-03 03:08:37
CVE-2022-43410 affecting package mercurial 5.4-2
2024-07-03 03:08:33
cnvd
cnvd
Jenkins Pipeline SCM API for Blue Ocean Plugin Unauthorized Access Vulnerability
2022-11-14 00:00:00
Apache MINA deserialization vulnerability
2022-11-18 00:00:00
f5
f5
K91021753 : Apache MINA vulnerability CVE-2022-45047
2022-11-18 00:00:00
atlassian
atlassian
DoS (Denial of Service) com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server
2024-04-09 01:54:04
Deserialization com.fasterxml.jackson.core:jackson-databind in Jira Software Data Center and Server
2023-11-12 13:45:26

0.01 Low

EPSS

Percentile

83.7%

JSON
Related for RHSA-2023:1064
nessus19github13osv22redhat6ibm36openvas4gentoo1mageia1debian2cve13prion14alpinelinux9veracode13cvelist13redhatcve13nvd13cbl_mariner2cnvd2f51atlassian2