Lucene search

RedHatRHSA-2023:6172

HistoryOct 30, 2023 - 11:17 a.m.

(RHSA-2023:6172) Critical: Red Hat Product OCP Tools 4.12 Openshift Jenkins security update

2023-10-3011:17:33

access.redhat.com

red hat ocp tools

4.12

jenkins

security update

cves

information disclosure

temporary file

stored xss vulnerability

denial of service

rce

sandbox bypass

command injection

golang

net/http

9.9 High

AI Score

Confidence

High

0.972 High

EPSS

Percentile

99.8%

JSON

Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.

Security Fix(es):

CVE-2023-27904 jenkins: Information disclosure through error stack traces related to agents
CVE-2023-27903 jenkins: Temporary file parameter created with insecure permissions
CVE-2023-25762 jenkins-2-plugins: jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin
CVE-2023-25761 jenkins-2-plugins: jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin
CVE-2022-25857 jenkins-2-plugins: snakeyaml: Denial of Service due to missing nested depth limitation for collections
CVE-2022-42889 jenkins-2-plugins: apache-commons-text: variable interpolation RCE
CVE-2020-7692 jenkins-2-plugins: google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization
CVE-2023-24422 jenkins-2-plugins: jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin
CVE-2023-25761 jenkins-2-plugins: jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin
CVE-2023-25762 jenkins-2-plugins: jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin
CVE-2022-42889 jenkins-2-plugins: apache-commons-text: variable interpolation RCE
CVE-2022-29599 jenkins-2-plugins: maven-shared-utils: Command injection via Commandline class
CVE-2023-39325 openshift-jenkins-2-container: golang: net/http, x/net/http2: rapid stream resets can cause excessive work

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat8noarchjenkins< 2.414.3.1698293911-3.el8jenkins-2.414.3.1698293911-3.el8.noarch.rpm
RedHat8noarchjenkins-2-plugins< 4.12.1698294000-1.el8jenkins-2-plugins-4.12.1698294000-1.el8.noarch.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	8	noarch	jenkins	< 2.414.3.1698293911-3.el8	jenkins-2.414.3.1698293911-3.el8.noarch.rpm
RedHat	8	noarch	jenkins-2-plugins	< 4.12.1698294000-1.el8	jenkins-2-plugins-4.12.1698294000-1.el8.noarch.rpm