10 matches found
RHCOS 4 : OpenShift Container Platform 4.8.56 (RHSA-2023:0017)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0017 advisory. - http2-server: Invalid HTTP/2 requests cause DoS CVE-2022-2048 - Libraries: Untrusted users can modify some Pipeline libraries in...
RHCOS 4 : OpenShift Container Platform 4.9.54 (RHSA-2022:9110)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:9110 advisory. - jenkins-plugin: Arbitrary file write vulnerability in Pipeline Input Step Plugin CVE-2022-34177 Note that Nessus has not tested for this...
RHEL 8 : OpenShift Container Platform 4.10.33 (RHSA-2022:6531)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:6531 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.9.54 packages and security update
Red Hat OpenShift Container Platform release 4.9.54 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, whic...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.10.33 packages and security update
Red Hat OpenShift Container Platform release 4.10.33 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a...
Jenkins Enterprise and Operations Center 2.303.x < 2.303.30.0.14 / 2.332.4.1 / 2.346.1.4 Multiple Vulnerabilities (CloudBees Security Advisory 2022-06-22)
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.303.x prior to 2.303.30.0.14, or 2.x prior to 2.332.4.1 or 2.346.1.4. It is, therefore, affected by multiple vulnerabilities, including the following: - Jenkins Pipeline: Input Step Plugin...
CVE-2022-34177
Jenkins Pipeline: Input Step Plugin 448.v37cea9a10a70 and earlier archives files uploaded for file parameters for Pipeline input steps on the controller as part of build metadata, using the parameter name without sanitization as a relative path inside a build-related directory, allowing attackers...
CVE-2022-34177
CVE-2022-34177 affects Jenkins Pipeline: Input Step Plugin. Vulnerability arises when archives files uploaded for file parameters in Pipeline input steps using the parameter name as a relative path inside a build directory, enabling an attacker to create or replace arbitrary files on the Jenkins ...
CVE-2022-34177
Jenkins Pipeline: Input Step Plugin 448.v37cea9a10a70 and earlier archives files uploaded for file parameters for Pipeline input steps on the controller as part of build metadata, using the parameter name without sanitization as a relative path inside a build-related directory, allowing attackers...
CVE-2022-34177
Jenkins Pipeline: Input Step Plugin 448.v37cea9a10a70 and earlier archives files uploaded for file parameters for Pipeline input steps on the controller as part of build metadata, using the parameter name without sanitization as a relative path inside a build-related directory, allowing attackers...