Lucene search

K
redhatRedHatRHSA-2020:2478
HistoryJun 17, 2020 - 10:29 p.m.

(RHSA-2020:2478) Important: OpenShift Container Platform 3.11 jenkins-2-plugins security update

2020-06-1722:29:24
access.redhat.com
26

0.947 High

EPSS

Percentile

99.3%

Red Hat OpenShift Container Platform is Red Hat’s cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

Security Fix(es):

  • jenkins-git-client-plugin: OS command injection via β€˜git ls-remote’ (CVE-2019-10392)

  • jenkins-script-security-plugin: sandbox protection bypass leads to execute arbitrary code in sandboxed scripts (CVE-2019-16538)

  • jenkins-pipeline-groovy-plugin: sandbox protection bypass through default parameter expressions in CPS-transformed methods (CVE-2020-2109)

  • jenkins-script-security-plugin: sandbox protection bypass during script compilation phase by applying AST transforming annotations (CVE-2020-2110)

  • jenkins-script-security-plugin: sandbox protection bypass via crafted constructor calls and crafted constructor bodies (CVE-2020-2134)

  • jenkins-script-security-plugin: sandbox protection bypass leads to arbitrary code execution (CVE-2020-2135)

  • jenkins-subversion-plugin: XSS in project repository base url (CVE-2020-2111)

  • jenkins-git-plugin: stored cross-site scripting (CVE-2020-2136)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat7noarchjenkins-2-plugins<Β 3.11.1591354111-1.el7jenkins-2-plugins-3.11.1591354111-1.el7.noarch.rpm