Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
apache-commons-text: variable interpolation RCE (CVE-2022-42889)
google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization (CVE-2020-7692)
jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin (CVE-2023-24422)
kubernetes-client: Insecure deserialization in unmarshalYaml method (CVE-2021-4178)
jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)
springframework: Authorization Bypass in RegexRequestMatcher (CVE-2022-22978)
xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40151)
woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)
Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)
jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin (CVE-2023-25761)
jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin (CVE-2023-25762)
Jenkins: Denial of Service attack (CVE-2023-27900)
Jenkins: Denial of Service attack (CVE-2023-27901)
Jenkins: Workspace temporary directories accessible through directory browser (CVE-2023-27902)
Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 8 | noarch | jenkins | < 2.387.3.1684911776-3.el8 | jenkins-2.387.3.1684911776-3.el8.noarch.rpm |
RedHat | 8 | noarch | jenkins-2-plugins | < 4.13.1684911916-1.el8 | jenkins-2-plugins-4.13.1684911916-1.el8.noarch.rpm |