Security: Multiple issues in Red Hat Product OCP Tools 4.14 OpenShift Jenkins
Name: Multiple issues in Red Hat Product OCP Tools 4.14 OpenShift Jenkins
ID: RHSA-2024:3634
Distribution: Red Hat
Platforms: Red Hat OpenShift Developer Tools and Services for OCP 4.14
Date: Wed, 5 June 2024, 23:45
References:
https://access.redhat.com/security/cve/CVE-2024-28149
https://access.redhat.com/security/cve/CVE-2024-23899
https://bugzilla.redhat.com/show_bug.cgi?id=2260183
https://bugzilla.redhat.com/show_bug.cgi?id=2266136
https://bugzilla.redhat.com/show_bug.cgi?id=2268227
https://bugzilla.redhat.com/show_bug.cgi?id=2268046
https://access.redhat.com/security/cve/CVE-2024-34145
https://bugzilla.redhat.com/show_bug.cgi?id=2278820
https://bugzilla.redhat.com/show_bug.cgi?id=2260184
https://access.redhat.com/security/cve/CVE-2024-24786
https://bugzilla.redhat.com/show_bug.cgi?id=2278821
https://access.redhat.com/security/cve/CVE-2024-22201
https://access.redhat.com/security/cve/CVE-2023-48795
https://access.redhat.com/errata/RHSA-2024:3634
https://access.redhat.com/security/cve/CVE-2024-34144
https://access.redhat.com/security/cve/CVE-2024-23900
https://bugzilla.redhat.com/show_bug.cgi?id=2254210
Applications: Red Hat Product OCP Tools 4.14 OpenShift Jenkins
Original message
An update for Openshift Jenkins is now available for Red Hat Product OCP Tools 4.14. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Jenkins is a continuous integration server that monitors the execution of recurring jobs, such as software builds or cron jobs.
Security fixes:
* jenkins-2-plugins: Git-server plugin has an arbitrary file read vulnerability (CVE-2024-23899)
* jenkins-plugin/script-security: Sandbox bypass occurs via crafted constructor bodies (CVE-2024-34144)
* jenkins-plugin/script-security: Sandbox bypass occurs via sandbox-defined classes (CVE-2024-34145)
* jenkins-2-plugins: HTML Publisher plugin has improper input sanitization (CVE-2024-28149)
* jetty: Server stops accepting new connections from valid clients, a denial of service (CVE-2024-22201)
* SSH: Prefix truncation attack on the Binary Packet Protocol (BPP) (CVE-2023-48795)
* golang-protobuf: Unmarshaling certain forms of invalid JSON with protojson.Unmarshal causes an infinite loop in the encoding/protojson and internal/encoding/json packages (CVE-2024-24786)
* jenkins-2-plugins: Matrix-project plugin has a path traversal vulnerability (CVE-2024-23900)
For more details about these security issues, including their impact, CVSS scores, acknowledgments, and other related information, refer to the CVE page listed in the References section.
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
CVE-2023-48795: Truncation of Security-relevant Information (CWE-222)
CVE-2024-22201: Uncontrolled Resource Consumption (CWE-400)
CVE-2024-23899: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') (CWE-88)
CVE-2024-23900: Relative Path Traversal (CWE-23)
CVE-2024-24786: Loop with Unreachable Exit Condition ('Infinite Loop') (CWE-835)
CVE-2024-28149: Improper Input Validation (CWE-20)
CVE-2024-34144: Protection Mechanism Failure (CWE-693)
CVE-2024-34145: Protection Mechanism Failure (CWE-693)
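The advisory carries the same eight CVEs in three places: the "Security fixes" bullets (component and description), the CWE mapping, and the References list. When advisories like this are ingested into a tracking system, those three should be parsed and cross-checked rather than copied by hand. The following is an added example, not Red Hat tooling or a Red Hat schema; the sample text is copied from RHSA-2024:3634 as reproduced above, and the record field names are this example's own choice.

```python
"""Parse the 'Security fixes' bullets, the CWE mapping line and the
References list of an RHSA-style advisory into one record per CVE and
cross-check them.  Added example; sample text copied from RHSA-2024:3634."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

SECURITY_FIXES = """\
* jenkins-2-plugins: Git-server plugin has an arbitrary file read vulnerability (CVE-2024-23899)
* jenkins-plugin/script-security: Sandbox bypass occurs via crafted constructor bodies (CVE-2024-34144)
* jenkins-plugin/script-security: Sandbox bypass occurs via sandbox-defined classes (CVE-2024-34145)
* jenkins-2-plugins: HTML Publisher plugin has improper input sanitization (CVE-2024-28149)
* jetty: Stops accepting new connections from valid clients (CVE-2024-22201)
* SSH: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)
* golang-protobuf: Unmarshaling certain forms of invalid JSON in the protojson.Unmarshal function causes an infinite loop in the encoding/protojson and internal/encoding/json packages of Golang-protobuf (CVE-2024-24786)
* jenkins-2-plugins: Matrix-project plugin has a path traversal vulnerability (CVE-2024-23900)
"""
CWE_LINE = (
    "CVE-2023-48795: Truncation of Security-relevant Information (CWE-222) "
    "CVE-2024-22201: Uncontrolled Resource Consumption (CWE-400) "
    "CVE-2024-23899: Improper Neutralization of Argument Delimiters in a Command "
    "('Argument Injection') (CWE-88) CVE-2024-23900: Relative Path Traversal (CWE-23) "
    "CVE-2024-24786: Loop with Unreachable Exit Condition ('Infinite Loop') (CWE-835) "
    "CVE-2024-28149: Improper Input Validation (CWE-20) "
    "CVE-2024-34144: Protection Mechanism Failure (CWE-693) "
    "CVE-2024-34145: Protection Mechanism Failure (CWE-693)"
)
REFERENCES = """\
https://access.redhat.com/security/cve/CVE-2024-28149
https://access.redhat.com/security/cve/CVE-2024-23899
https://bugzilla.redhat.com/show_bug.cgi?id=2260183
https://access.redhat.com/security/cve/CVE-2024-34145
https://access.redhat.com/security/cve/CVE-2024-24786
https://access.redhat.com/security/cve/CVE-2024-22201
https://access.redhat.com/security/cve/CVE-2023-48795
https://access.redhat.com/errata/RHSA-2024:3634
https://access.redhat.com/security/cve/CVE-2024-34144
https://access.redhat.com/security/cve/CVE-2024-23900
"""

CVE = r"CVE-\d{4}-\d{4,}"
# Bullet shape: "* <component>: <description> (<CVE>)".  The description may itself
# contain parentheses ("(BPP)"), so the CVE is anchored at end of line, not first "(".
FIX_RE = re.compile(rf"^\*\s*(?P<component>[^:]+):\s*(?P<desc>.+?)\s*\((?P<cve>{CVE})\)\s*$")
# CWE shape: "<CVE>: <weakness name> (CWE-n)", several entries run together on one line.
CWE_RE = re.compile(rf"(?P<cve>{CVE}):\s*(?P<name>.+?)\s*\((?P<cwe>CWE-\d+)\)")
CVE_URL_RE = re.compile(rf"/security/cve/({CVE})\s*$")


@dataclass
class Fix:
    cve: str
    component: str
    description: str
    cwe_id: Optional[str] = None
    cwe_name: Optional[str] = None


def parse_fixes(text: str) -> Dict[str, Fix]:
    """Return {cve: Fix} in order of appearance; lines that are not fix bullets are skipped."""
    fixes: Dict[str, Fix] = {}
    for line in text.splitlines():
        m = FIX_RE.match(line.strip())
        if m:
            fixes[m["cve"]] = Fix(m["cve"], m["component"].strip(), m["desc"])
    return fixes


def parse_cwe_line(text: str) -> Dict[str, Tuple[str, str]]:
    return {m["cve"]: (m["cwe"], m["name"]) for m in CWE_RE.finditer(text)}


def attach_cwes(fixes: Dict[str, Fix], cwes: Dict[str, Tuple[str, str]]) -> Set[str]:
    """Fill cwe_id/cwe_name in place; return CVEs that appear on only one side."""
    for cve, (cwe_id, name) in cwes.items():
        if cve in fixes:
            fixes[cve].cwe_id, fixes[cve].cwe_name = cwe_id, name
    return set(fixes) ^ set(cwes)


def cves_without_reference(fixes: Dict[str, Fix], references: str) -> Set[str]:
    """CVEs from the fix list that have no access.redhat.com CVE link in References."""
    linked = {m.group(1) for m in map(CVE_URL_RE.search, references.splitlines()) if m}
    return set(fixes) - linked


def by_component(fixes: Dict[str, Fix]) -> Dict[str, List[str]]:
    out: Dict[str, List[str]] = {}
    for f in fixes.values():
        out.setdefault(f.component, []).append(f.cve)
    return out


if __name__ == "__main__":
    fixes = parse_fixes(SECURITY_FIXES)
    mismatch = attach_cwes(fixes, parse_cwe_line(CWE_LINE))
    for f in fixes.values():
        print(f"{f.cve}  {f.cwe_id or '-':<8} {f.component}: {f.description}")
    print("fix/CWE mismatch:", mismatch or "none")
    print("CVEs without a CVE link:", cves_without_reference(fixes, REFERENCES) or "none")
```

Run as-is it prints one line per CVE with its CWE and component, then reports "none" for both cross-checks, because every CVE in the fix list has a CWE entry and a CVE link on this page. Grouping by component (`by_component`) is what you want when deciding which container images or plugin bundles to rebuild, since three of the eight issues sit in the jenkins-2-plugins bundle and two in script-security.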