Lucene search

K
redhatRedHatRHSA-2020:3616
HistorySep 09, 2020 - 3:13 p.m.

(RHSA-2020:3616) Important: OpenShift Container Platform 4.3.35 jenkins-2-plugins security update

2020-09-0915:13:36
access.redhat.com
17

0.001 Low

EPSS

Percentile

47.1%

Red Hat OpenShift Container Platform is Red Hat’s cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

Security Fix(es):

  • jenkins-script-security-plugin: sandbox protection bypass led to arbitrary code execution in sandboxed scripts (CVE-2019-16538)

  • jenkins-pipeline-groovy-plugin: sandbox protection bypass through default parameter expressions in CPS-transformed methods (CVE-2020-2109)

  • jenkins-script-security-plugin: sandbox protection bypass during script compilation phase by applying AST transforming annotations (CVE-2020-2110)

  • jenkins-script-security-plugin: sandbox protection bypass via crafted constructor calls and crafted constructor bodies (CVE-2020-2134)

  • jenkins-script-security-plugin: sandbox protection bypass led to arbitrary code execution (CVE-2020-2135)

  • jenkins-subversion-plugin: XSS in project repository base URL (CVE-2020-2111)

  • jenkins-git-plugin: stored cross-site scripting (CVE-2020-2136)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat7noarchjenkins-2-plugins<Β 4.3.1597915133-1.el7jenkins-2-plugins-4.3.1597915133-1.el7.noarch.rpm