Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2024:0776
HistoryFeb 12, 2024 - 10:18 a.m.

(RHSA-2024:0776) Important: jenkins and jenkins-2-plugins security update

2024-02-1210:18:15
access.redhat.com
21
continuous integration server
security fix
rce
denial of service
command injection
session fixation
arbitrary file read
cross-site websocket hijacking
stored xss
cve-2022
cve-2021
cve-2023
cve-2024
apache commons text
maven
snakeyaml
jenkins-2-plugins
script security plugin
openshift login plugin
junit plugin
pipeline build step plugin
unix

10 High

AI Score

Confidence

High

0.972 High

EPSS

Percentile

99.8%

JSON

Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.

Security Fix(es):

  • apache-commons-text: variable interpolation RCE (CVE-2022-42889)

  • maven: Block repositories using http by default (CVE-2021-26291)

  • snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)

  • maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)

  • jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin (CVE-2023-24422)

  • Jenkins: Session fixation vulnerability in OpenShift Login Plugin (CVE-2023-37946)

  • jenkins: Arbitrary file read vulnerability through the CLI can lead to RCE (CVE-2024-23897)

  • jenkins: cross-site WebSocket hijacking (CVE-2024-23898)

  • jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin (CVE-2023-25761)

  • jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin (CVE-2023-25762)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Related

nessus 35
redhat 14
freebsd 1
osv 19
veracode 6
prion 7
cve 10
cvelist 7
redhatcve 7
nvd 8
github 8
alpinelinux 5
hivepro 1
githubexploit 31
zdt 1
metasploit 1
packetstorm 2
cgr 1
cbl_mariner 2
mageia 1
ubuntucve 1
debiancve 1
openvas 5
ubuntu 3
redos 1
trendmicroblog 1
wolfi 1
ibm 11
oraclelinux 2
rocky 1
almalinux 2
cnvd 1
malwarebytes 1
f5 1
nessus
nessus
RHEL 8 : jenkins and jenkins-2-plugins (RHSA-2024:0776)
2024-04-28 00:00:00
RHEL 8 : jenkins and jenkins-2-plugins (RHSA-2024:0775)
2024-04-29 00:00:00
RHEL 8 : Red Hat Product OCP Tools 4.13 OpenShift Jenkins (RHSA-2023:6179)
2024-04-28 00:00:00
redhat
redhat
(RHSA-2024:0775) Important: jenkins and jenkins-2-plugins security update
2024-02-12 10:17:47
(RHSA-2023:6179) Critical: Red Hat Product OCP Tools 4.13 OpenShift Jenkins security update
2023-10-30 12:31:19
(RHSA-2023:7288) Important: Red Hat Product OCP Tools 4.14 Openshift Jenkins security update
2023-11-15 19:19:21
freebsd
freebsd
jenkins -- multiple vulnerabilities
2024-01-24 00:00:00
osv
osv
Jenkins OpenShift Login Plugin session fixation vulnerability
2023-07-12 18:30:38
CVE-2024-23898
2024-01-24 18:15:09
Cross-site WebSocket hijacking vulnerability in the Jenkins CLI
2024-01-24 18:31:02
veracode
veracode
Cross-Site WebSocket Hijacking (CSWSH)
2024-01-31 07:28:49
Insecure TLS Configuration
2021-07-22 04:32:45
Man-in-the-middle(MitM)
2021-04-26 08:35:47
prion
prion
Cross site scripting
2024-01-24 18:15:00
Code injection
2023-07-12 16:15:00
Security feature bypass
2023-01-26 21:18:00
cve
cve
CVE-2024-23898
2024-01-24 18:15:09
CVE-2023-37946
2023-07-12 16:15:13
CVE-2024-23897
2024-01-24 18:15:09
cvelist
cvelist
CVE-2023-37946
2023-07-12 15:52:49
CVE-2024-23898
2024-01-24 17:52:23
CVE-2023-24422
2023-01-24 00:00:00
redhatcve
redhatcve
CVE-2024-23898
2024-01-25 20:22:19
CVE-2023-37946
2023-07-17 17:11:51
CVE-2021-26291
2021-04-30 19:06:38
nvd
nvd
CVE-2024-23898
2024-01-24 18:15:09
CVE-2023-37946
2023-07-12 16:15:13
CVE-2023-24422
2023-01-26 21:18:16
github
github
Jenkins OpenShift Login Plugin session fixation vulnerability
2023-07-12 18:30:38
Cross-site WebSocket hijacking vulnerability in the Jenkins CLI
2024-01-24 18:31:02
Cross-site Scripting in Jenkins JUnit Plugin
2023-02-15 15:30:41
alpinelinux
alpinelinux
CVE-2024-23898
2024-01-24 18:15:09
CVE-2021-26291
2021-04-23 15:15:00
CVE-2023-25761
2023-02-15 14:15:13
hivepro
hivepro
Critical Remote Code Execution Flaws Uncovered in Jenkins
2024-02-01 06:56:33
githubexploit
githubexploit
Exploit for CVE-2024-23897
2024-02-19 02:29:12
Exploit for CVE-2024-23897
2024-02-26 03:07:28
Exploit for CVE-2024-23897
2024-01-29 04:41:53
zdt
zdt
Jenkins 2.441 / LTS 2.426.3 Arbitrary File Read Exploit
2024-01-29 00:00:00
metasploit
metasploit
Jenkins cli Ampersand Replacement Arbitrary File Read
2024-01-30 22:12:10
packetstorm
packetstorm
Jenkins 2.441 Local File Inclusion
2024-04-15 00:00:00
Jenkins 2.441 / LTS 2.426.3 Arbitrary File Read
2024-01-29 00:00:00
cgr
cgr
CVE-2024-23897 vulnerabilities
2024-05-19 03:07:16
cbl_mariner
cbl_mariner
CVE-2021-26291 affecting package maven 3.5.4-13
2021-05-10 04:20:34
CVE-2023-25761 affecting package junit 4.13-5
2024-07-01 09:08:35
mageia
mageia
Updated maven packages fix security vulnerability
2023-07-19 22:53:31
ubuntucve
ubuntucve
CVE-2021-26291
2021-04-23 00:00:00
debiancve
debiancve
CVE-2021-26291
2021-04-23 15:15:09
openvas
openvas
Ubuntu: Security Advisory (USN-5245-1)
2023-01-27 00:00:00
Mageia: Security Advisory (MGASA-2023-0230)
2023-07-20 00:00:00
Ubuntu: Security Advisory (USN-5805-1)
2023-01-17 00:00:00
ubuntu
ubuntu
Apache Maven vulnerability
2022-08-18 00:00:00
Apache Maven vulnerability
2023-01-16 00:00:00
Apache Maven Shared Utils vulnerability
2024-04-11 00:00:00
redos
redos
ROS-20240514-02
2024-05-14 00:00:00
trendmicroblog
trendmicroblog
Jenkins Args4j CVE-2024-23897: Files Exposed, Code at Risk
2024-03-19 00:00:00
wolfi
wolfi
CVE-2024-23897 vulnerabilities
2024-07-01 09:08:36
ibm
ibm
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer operands that process yaml files may be vulnerable to denial of service due to CVE-2022-25857
2022-11-04 16:41:10
Security Bulletin: IBM MQ Blockchain bridge is vulnerable to an issue identified in snakeyaml (CVE-2022-25857)
2023-02-03 19:33:13
Security Bulletin: IBM UrbanCode Deploy (UCD) Agents on zOS are vulnerable to an arbitrary code execution due to use of Apache Commons Text [CVE-2022-42889]
2022-11-28 14:07:14
oraclelinux
oraclelinux
prometheus-jmx-exporter security update
2022-10-06 00:00:00
maven-shared-utils security update
2022-04-29 00:00:00
rocky
rocky
prometheus-jmx-exporter security update
2022-10-06 07:13:19
almalinux
almalinux
Important: maven:3.5 security update
2022-05-30 11:39:15
Important: maven:3.6 security update
2022-05-30 11:39:17
cnvd
cnvd
Apache Maven Command Injection Vulnerability
2022-04-28 00:00:00
malwarebytes
malwarebytes
Why Log4Text is not another Log4Shell
2022-10-19 19:00:00
f5
f5
K24823443 : Apache Commons Text vulnerability CVE-2022-42889
2022-10-19 00:00:00

10 High

AI Score

Confidence

High

0.972 High

EPSS

Percentile

99.8%

JSON
Related for RHSA-2024:0776
nessus35redhat14freebsd1osv19veracode6prion7cve10cvelist7redhatcve7nvd8github8alpinelinux5hivepro1githubexploit31zdt1metasploit1packetstorm2cgr1cbl_mariner2mageia1ubuntucve1debiancve1openvas5ubuntu3redos1trendmicroblog1wolfi1ibm11oraclelinux2rocky1almalinux2cnvd1malwarebytes1f51