(RHSA-2024:3634) Important: Red Hat Product OCP Tools 4.14 OpenShift Jenkins security update

Jenkins is a continuous integration server that monitors the execution of
recurring jobs, such as software builds or cron jobs.

Security fixes:

• jenkins-2-plugins: Git-server plugin has an arbitrary file read
  vulnerability (CVE-2024-23899)

• jenkins-plugin/script-security: Sandbox bypass occurs via crafted
  constructor bodies (CVE-2024-34144)

• jenkins-plugin/script-security: Sandbox bypass occurs via sandbox-defined
  classes (CVE-2024-34145)

• jenkins-2-plugins: HTML Publisher plugin has improper input sanitization
  (CVE-2024-28149)

• jetty: Stops accepting new connections from valid clients
  (CVE-2024-22201)

• SSH: Prefix truncation attack on Binary Packet Protocol (BPP)
  (CVE-2023-48795)

• golang-protobuf: Unmarshaling certain forms of invalid JSON in the
  protojson.Unmarshal function causes an infinite loop in the
  encoding/protojson and internal/encoding/json packages of Golang-protobuf
  (CVE-2024-24786)

• jenkins-2-plugins: Matrix-project plugin has a path traversal
  vulnerability (CVE-2024-23900)

For more details about these security issues, including their impact, CVSS
scores, acknowledgments, and other related information, refer to the CVE
page listed in the References section.