8 matches found
RHEL 8 : OpenShift Developer Tools and Services for OCP 4.12 (RHSA-2023:1064)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:1064 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cro...
RHEL 8 : jenkins and jenkins-2-plugins (RHSA-2023:3198)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3198 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cro...
RHEL 8 : OpenShift Container Platform 4.9.56 (RHSA-2023:0777)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0777 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...
Critical: Red Hat Security Advisory: OpenShift Developer Tools and Services for OCP 4.12 security update
An update for Jenkins and Jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.12. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
com.bmc.ims:bmc-cfa (=198.vfe106798d1a6), com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9) +158 more potentially affected by CVE-2022-43409 via org.jenkins-ci.plugins.workflow:workflow-support (>=0.1-beta-1 <=819.v37d707a_71d9b_)
org.jenkins-ci.plugins.workflow:workflow-support MAVEN version =0.1-beta-1, =1.9.2-beta, =0.0.1, =8.0.12, =0.8, =1.0.14, =1.0, =1.3.0, =320.v5a0933ae7d61, =1.0, =1.0, =0.9.0, =1.0, =1.20 and more Source cves: CVE-2022-43409 Source advisory: OSV:GHSA-64R9-X74Q-WXMH...
CVE-2022-43409
Jenkins Pipeline: Supporting APIs Plugin 838.va3a087b4055b and earlier does not sanitize or properly encode URLs of hyperlinks sending POST requests in build logs, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to create Pipelines...
CVE-2022-43409
Jenkins Pipeline: Supporting APIs Plugin 838.va3a087b4055b and earlier does not sanitize or properly encode URLs of hyperlinks sending POST requests in build logs, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to create Pipelines...
CVE-2022-43409
CVE-2022-43409 affects Jenkins Pipeline: Supporting APIs Plugin (838.va_3a_087b_4055b and earlier). The vulnerability is a stored XSS caused by improper sanitization/encoding of URLs from hyperlinks that send POST requests in build logs, exploitable by users who can create Pipelines. Connected so...