Red Hat OpenShift Container Platform is Red Hat’s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
Security Fix(es):
- jenkins-plugin/script-security: Sandbox bypass vulnerabilities in Jenkins Script Security Plugin (CVE-2022-43401)
- jenkins-plugin/workflow-cps: Sandbox bypass vulnerabilities in Pipeline: Groovy Plugin (CVE-2022-43402)
- jenkins-plugin/script-security: Sandbox bypass vulnerabilities in Jenkins Script Security Plugin (CVE-2022-43403)
- jenkins-plugin/script-security: Sandbox bypass vulnerabilities in Jenkins Script Security Plugin (CVE-2022-43404)
- jenkins-plugin/pipeline-groovy-lib: Sandbox bypass vulnerability in Pipeline: Groovy Libraries Plugin (CVE-2022-43405)
- jenkins-plugin/workflow-cps-global-lib: Sandbox bypass vulnerability in Pipeline: Deprecated Groovy Libraries Plugin (CVE-2022-43406)
- google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization (CVE-2020-7692)
- snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)
- jenkins-plugin/pipeline-input-step: CSRF protection for any URL can be bypassed in Pipeline: Input Step Plugin (CVE-2022-43407)
- mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)
- jenkins-plugin/script-security: Whole-script approval in Script Security Plugin vulnerable to SHA-1 collisions (CVE-2022-45379)
- jenkins-plugin/JUnit: Stored XSS vulnerability in JUnit Plugin (CVE-2022-45380)
- jenkins-plugin/pipeline-utility-steps: Arbitrary file read vulnerability in Pipeline Utility Steps Plugin (CVE-2022-45381)
- Jenkins plugin: CSRF vulnerability in Script Security Plugin (CVE-2022-30946)
- Jenkins plugin: User-scoped credentials exposed to other users by Pipeline SCM API for Blue Ocean Plugin (CVE-2022-30952)
- Jenkins plugin: CSRF vulnerability in Blue Ocean Plugin (CVE-2022-30953)
- Jenkins plugin: missing permission checks in Blue Ocean Plugin (CVE-2022-30954)
- jenkins-plugin: Cross-site Request Forgery (CSRF) in org.jenkins-ci.plugins:git (CVE-2022-36882)
- jenkins plugin: Lack of authentication mechanism in Git Plugin webhook (CVE-2022-36883)
- jenkins plugin: Lack of authentication mechanism in Git Plugin webhook (CVE-2022-36884)
- jenkins plugin: Non-constant time webhook signature comparison in GitHub Plugin (CVE-2022-36885)
- jenkins-plugin/pipeline-stage-view: CSRF protection for any URL can be bypassed in Pipeline: Stage View Plugin (CVE-2022-43408)
- jenkins-plugin/workflow-support: Stored XSS vulnerability in Pipeline: Supporting APIs Plugin (CVE-2022-43409)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.