
Security: Multiple issues in Jenkins
Name: Multiple issues in Jenkins
ID: RHSA-2025:2221
Distribution: Red Hat
Platforms: Red Hat OpenShift Developer Tools and Services for OCP 4.14
Date: Tue, 4 March 2025, 20:38
References: https://access.redhat.com/security/cve/CVE-2024-47855
https://access.redhat.com/security/cve/CVE-2024-52549
https://bugzilla.redhat.com/show_bug.cgi?id=2326043
https://bugzilla.redhat.com/show_bug.cgi?id=2316421
https://access.redhat.com/security/cve/CVE-2024-47072
https://bugzilla.redhat.com/show_bug.cgi?id=2326047
https://bugzilla.redhat.com/show_bug.cgi?id=2326034
https://bugzilla.redhat.com/show_bug.cgi?id=2324606
https://access.redhat.com/errata/RHSA-2025:2221
https://access.redhat.com/security/cve/CVE-2024-52551
https://access.redhat.com/security/cve/CVE-2024-52550
Applications: Jenkins

Original message

An update for Openshift Jenkins is now available for Red Hat Product OCP Tools 4.14.
Red Hat Product Security has rated this update as having a security impact of important.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Jenkins is a continuous integration server that monitors executions of repeated
jobs, such as building a software project or jobs run by cron.

Security Fix(es):

* org.jenkinsci.plugins/pipeline-model-definition: Jenkins Pipeline Declarative Plugin Allows Restart of Builds with Unapproved Jenkinsfile (CVE-2024-52551)
* org.jenkins-ci.plugins/script-security: Jenkins Script Security Plugin File Disclosure Vulnerability (CVE-2024-52549)
* org.jenkins-ci.plugins.workflow/workflow-cps: Lack of Approval Check for Rebuilt Jenkins Pipelines (CVE-2024-52550)
* jenkins: XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream (CVE-2024-47072)
* jenkins: Mishandling of an unbalanced comment string in json-lib (CVE-2024-47855)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2024-47072: Deserialization of Untrusted Data (CWE-502)
CVE-2024-47855: Improper Validation of Syntactic Correctness of Input (CWE-1286)
CVE-2024-52549: Missing Authorization (CWE-862)
CVE-2024-52550: Missing Authorization (CWE-862)
CVE-2024-52551: Missing Authorization (CWE-862)