9 matches found
RHEL 8 : jenkins and jenkins-2-plugins (RHSA-2023:3198)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3198 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cro...
RHEL 8 : OpenShift Developer Tools and Services for OCP 4.12 (RHSA-2023:1064)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:1064 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cro...
RHEL 8 : OpenShift Container Platform 4.9.56 (RHSA-2023:0777)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0777 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...
Critical: Red Hat Security Advisory: OpenShift Developer Tools and Services for OCP 4.12 security update
An update for Jenkins and Jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.12. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
CVE-2022-43407
A cross-site request forgery CSRF vulnerability was found in a Jenkins plugin. This issue may allow an unauthenticated attacker to access Jenkins builds, bypassing CSRF protections. This could compromise the integrity, availability, and confidentiality of Jenkins...
com.splunk.splunkins:splunk-devops-extend (>=1.0 <=1.7.0), com.testinium.jenkins:testinium (=1.0) +27 more potentially affected by CVE-2022-43407 via org.jenkins-ci.plugins:pipeline-input-step (>=2.0 <=2.8)
org.jenkins-ci.plugins:pipeline-input-step MAVEN version =2.0, =1.0, =0.0.15, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.1-preview-4, =2.2.0, =1.8-beta-1, =1.8-beta-1, =2.0, =2.5 and more Source cves: CVE-2022-43407 Source advisory: OSV:GHSA-G66M-FQXF-3W35...
CVE-2022-43407
Jenkins Pipeline: Input Step Plugin 451.vf1aa4f405289 and earlier does not restrict or sanitize the optionally specified ID of the 'input' step, which is used for the URLs that process user interactions for the given 'input' step proceed or abort and is not correctly encoded, allowing attackers...
CVE-2022-43407
Jenkins Pipeline: Input Step Plugin 451.vf1aa4f405289 and earlier does not restrict or sanitize the optionally specified ID of the 'input' step, which is used for the URLs that process user interactions for the given 'input' step proceed or abort and is not correctly encoded, allowing attackers...
CVE-2022-43407
CVE-2022-43407 affects Jenkins Pipeline: Input Step Plugin (versions up to 451.vf1a_a_4f405289 and earlier). The vulnerability arises because the plugin does not restrict or sanitize the optional ID used in the input step, which is used to construct URLs for user interactions (proceed/abort). Thi...