Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-23899
Vulnerability from cvelistv5
Published
2024-01-24 17:52
Modified
2025-02-13 17:39
Severity ?
EPSS score ?
Summary
Jenkins Git server Plugin 99.va_0826a_b_cdfa_d and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing attackers with Overall/Read permission to read content from arbitrary files on the Jenkins controller file system.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| jenkinsci-cert@googlegroups.com | http://www.openwall.com/lists/oss-security/2024/01/24/6 | Mailing List, Third Party Advisory | |
| jenkinsci-cert@googlegroups.com | https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2024/01/24/6 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Jenkins Project | Jenkins Git server Plugin |
Version: 0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T23:13:08.396Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Jenkins Security Advisory 2024-01-24", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/01/24/6", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2024-23899", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-01-25T15:28:24.036847Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-18T15:37:40.867Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Jenkins Git server Plugin", vendor: "Jenkins Project", versions: [ { lessThanOrEqual: "99.va_0826a_b_cdfa_d", status: "affected", version: "0", versionType: "maven", }, ], }, ], descriptions: [ { lang: "en", value: "Jenkins Git server Plugin 99.va_0826a_b_cdfa_d and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing attackers with Overall/Read permission to read content from arbitrary files on the Jenkins controller file system.", }, ], providerMetadata: { dateUpdated: "2024-01-24T17:55:09.022Z", orgId: "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", shortName: "jenkins", }, references: [ { name: "Jenkins Security Advisory 2024-01-24", tags: [ "vendor-advisory", ], url: "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319", }, { url: "http://www.openwall.com/lists/oss-security/2024/01/24/6", }, ], }, }, cveMetadata: { assignerOrgId: "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", assignerShortName: "jenkins", cveId: "CVE-2024-23899", datePublished: "2024-01-24T17:52:24.131Z", dateReserved: "2024-01-23T12:46:51.264Z", dateUpdated: "2025-02-13T17:39:57.007Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2024-23899\",\"sourceIdentifier\":\"jenkinsci-cert@googlegroups.com\",\"published\":\"2024-01-24T18:15:09.467\",\"lastModified\":\"2024-11-21T08:58:40.040\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Jenkins Git server Plugin 99.va_0826a_b_cdfa_d and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing attackers with Overall/Read permission to read content from arbitrary files on the Jenkins controller file system.\"},{\"lang\":\"es\",\"value\":\"El complemento del servidor Jenkins Git 99.va_0826a_b_cdfa_d y versiones anteriores no desactiva una función de su analizador de comandos que reemplaza un carácter '@' seguido de una ruta de archivo en un argumento con el contenido del archivo, permitiendo a atacantes con permiso general/lectura leer contenido de archivos arbitrarios en el sistema de archivos del controlador Jenkins.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:git_server:*:*:*:*:*:jenkins:*:*\",\"versionEndIncluding\":\"99.va_0826a_b_cdfa_d\",\"matchCriteriaId\":\"683B2B65-ECBB-4DE9-9680-8ECC929F74B7\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2024/01/24/6\",\"source\":\"jenkinsci-cert@googlegroups.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319\",\"source\":\"jenkinsci-cert@googlegroups.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/01/24/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}", vulnrichment: { containers: "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319\", \"name\": \"Jenkins Security Advisory 2024-01-24\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/01/24/6\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T23:13:08.396Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-23899\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-01-25T15:28:24.036847Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-18T15:37:35.647Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Jenkins Project\", \"product\": \"Jenkins Git server Plugin\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"maven\", \"lessThanOrEqual\": \"99.va_0826a_b_cdfa_d\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319\", \"name\": \"Jenkins Security Advisory 2024-01-24\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/01/24/6\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Jenkins Git server Plugin 99.va_0826a_b_cdfa_d and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing attackers with Overall/Read permission to read content from arbitrary files on the Jenkins controller file system.\"}], \"providerMetadata\": {\"orgId\": \"39769cd5-e6e2-4dc8-927e-97b3aa056f5b\", \"shortName\": \"jenkins\", \"dateUpdated\": \"2024-01-24T17:55:09.022Z\"}}}", cveMetadata: "{\"cveId\": \"CVE-2024-23899\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-13T17:39:57.007Z\", \"dateReserved\": \"2024-01-23T12:46:51.264Z\", \"assignerOrgId\": \"39769cd5-e6e2-4dc8-927e-97b3aa056f5b\", \"datePublished\": \"2024-01-24T17:52:24.131Z\", \"assignerShortName\": \"jenkins\"}", dataType: "CVE_RECORD", dataVersion: "5.1", }, }, }
rhsa-2024:3635
Vulnerability from csaf_redhat
Published
2024-06-05 14:47
Modified
2025-03-14 10:17
Summary
Red Hat Security Advisory: Red Hat Product OCP Tools 4.12 Openshift Jenkins security update
Notes
Topic
An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.12. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Jenkins is a continuous integration server that monitors the execution of recurring jobs, such as software builds or cron jobs.
Security fixes:
* jenkins-2-plugins: Git-server plugin has an arbitrary file read vulnerability (CVE-2024-23899)
* jenkins-plugin/script-security: Sandbox bypass occurs via crafted constructor bodies (CVE-2024-34144)
* jenkins-plugin/script-security: Sandbox bypass occurs via sandbox-defined classes (CVE-2024-34145)
* jenkins-2-plugins: HTML Publisher plugin has improper input sanitization (CVE-2024-28149)
* Jetty: Stops accepting new connections from valid clients (CVE-2024-22201)
* SSH: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)
* golang-protobuf: Unmarshaling certain forms of invalid JSON in the protojson.Unmarshal function causes an infinite loop in the encoding/protojson and internal/encoding/json packages of Golang-protobuf (CVE-2024-24786)
* jenkins-2-plugins: Matrix-project plugin has a path traversal vulnerability (CVE-2024-23900)
For more details about these security issues, including their impact, CVSS scores, acknowledgments, and other related information, refer to the CVE page listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.12. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Jenkins is a continuous integration server that monitors the execution of recurring jobs, such as software builds or cron jobs.\n\nSecurity fixes:\n\n* jenkins-2-plugins: Git-server plugin has an arbitrary file read vulnerability (CVE-2024-23899)\n\n* jenkins-plugin/script-security: Sandbox bypass occurs via crafted constructor bodies (CVE-2024-34144)\n\n* jenkins-plugin/script-security: Sandbox bypass occurs via sandbox-defined classes (CVE-2024-34145)\n\n* jenkins-2-plugins: HTML Publisher plugin has improper input sanitization (CVE-2024-28149)\n\n* Jetty: Stops accepting new connections from valid clients (CVE-2024-22201)\n\n* SSH: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)\n\n* golang-protobuf: Unmarshaling certain forms of invalid JSON in the protojson.Unmarshal function causes an infinite loop in the encoding/protojson and internal/encoding/json packages of Golang-protobuf (CVE-2024-24786)\n\n* jenkins-2-plugins: Matrix-project plugin has a path traversal vulnerability (CVE-2024-23900)\n\nFor more details about these security issues, including their impact, CVSS scores, acknowledgments, and other related information, refer to the CVE page listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:3635", url: "https://access.redhat.com/errata/RHSA-2024:3635", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2254210", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", }, { category: "external", summary: "2260183", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2260183", }, { category: "external", summary: "2260184", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2260184", }, { category: "external", summary: "2266136", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2266136", }, { category: "external", summary: "2268046", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268046", }, { category: "external", summary: "2268227", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268227", }, { category: "external", summary: "2278820", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2278820", }, { category: "external", summary: "2278821", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2278821", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3635.json", }, ], title: "Red Hat Security Advisory: Red Hat Product OCP Tools 4.12 Openshift Jenkins security update", tracking: { current_release_date: "2025-03-14T10:17:47+00:00", generator: { date: "2025-03-14T10:17:47+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2024:3635", initial_release_date: "2024-06-05T14:47:22+00:00", revision_history: [ { date: "2024-06-05T14:47:22+00:00", number: "1", summary: "Initial version", }, { date: "2024-06-05T14:47:22+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-14T10:17:47+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "OpenShift Developer Tools and Services for OCP 4.12", product: { name: "OpenShift Developer Tools and Services for OCP 4.12", product_id: "8Base-OCP-Tools-4.12", product_identification_helper: { cpe: "cpe:/a:redhat:ocp_tools:4.12::el8", }, }, }, ], category: "product_family", name: "OpenShift Jenkins", }, { branches: [ { category: "product_version", name: "jenkins-0:2.440.3.1716445200-3.el8.src", product: { name: "jenkins-0:2.440.3.1716445200-3.el8.src", product_id: "jenkins-0:2.440.3.1716445200-3.el8.src", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins@2.440.3.1716445200-3.el8?arch=src", }, }, }, { category: "product_version", name: "jenkins-2-plugins-0:4.12.1716445211-1.el8.src", product: { name: "jenkins-2-plugins-0:4.12.1716445211-1.el8.src", product_id: "jenkins-2-plugins-0:4.12.1716445211-1.el8.src", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins-2-plugins@4.12.1716445211-1.el8?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "jenkins-0:2.440.3.1716445200-3.el8.noarch", product: { name: "jenkins-0:2.440.3.1716445200-3.el8.noarch", product_id: "jenkins-0:2.440.3.1716445200-3.el8.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins@2.440.3.1716445200-3.el8?arch=noarch", }, }, }, { category: "product_version", name: "jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", product: { name: "jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", product_id: "jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins-2-plugins@4.12.1716445211-1.el8?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "jenkins-0:2.440.3.1716445200-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.12", product_id: "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", }, product_reference: "jenkins-0:2.440.3.1716445200-3.el8.noarch", relates_to_product_reference: "8Base-OCP-Tools-4.12", }, { category: "default_component_of", full_product_name: { name: "jenkins-0:2.440.3.1716445200-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.12", product_id: "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", }, product_reference: "jenkins-0:2.440.3.1716445200-3.el8.src", relates_to_product_reference: "8Base-OCP-Tools-4.12", }, { category: "default_component_of", full_product_name: { name: "jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.12", product_id: "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", }, product_reference: "jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", relates_to_product_reference: "8Base-OCP-Tools-4.12", }, { category: "default_component_of", full_product_name: { name: "jenkins-2-plugins-0:4.12.1716445211-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.12", product_id: "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", }, product_reference: "jenkins-2-plugins-0:4.12.1716445211-1.el8.src", relates_to_product_reference: "8Base-OCP-Tools-4.12", }, ], }, vulnerabilities: [ { cve: "CVE-2023-48795", cwe: { id: "CWE-222", name: "Truncation of Security-relevant Information", }, discovery_date: "2023-12-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2254210", }, ], notes: [ { category: "description", text: "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", title: "Vulnerability description", }, { category: "summary", text: "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)", title: "Vulnerability summary", }, { category: "other", text: "This CVE is classified as moderate because the attack requires an active Man-in-the-Middle (MITM) who can intercept and modify the connection's traffic at the TCP/IP layer.\n\nAlthough the attack is cryptographically innovative, its security impact is fortunately quite limited. It only allows the deletion of consecutive messages, and deleting most messages at this protocol stage prevents user authentication from proceeding, leading to a stalled connection.\n\nThe most significant identified impact is that it enables a MITM to delete the SSH2_MSG_EXT_INFO message sent before authentication begins. This allows the attacker to disable a subset of keystroke timing obfuscation features. However, there is no other observable impact on session secrecy or session integrity.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-48795", }, { category: "external", summary: "RHBZ#2254210", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-48795", url: "https://www.cve.org/CVERecord?id=CVE-2023-48795", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", }, { category: "external", summary: "https://access.redhat.com/solutions/7071748", url: "https://access.redhat.com/solutions/7071748", }, { category: "external", summary: "https://terrapin-attack.com/", url: "https://terrapin-attack.com/", }, ], release_date: "2023-12-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:47:22+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3635", }, { category: "workaround", details: "Update to the last version and check that client and server provide kex pseudo-algorithms indicating usage of the updated version of the protocol which is protected from the attack. If \"kex-strict-c-v00@openssh.com\" is provided by clients and \"kex-strict-s-v00@openssh.com\" is in the server's reply, no other steps are necessary.\n\nDisabling ciphers if necessary:\n\nIf \"kex-strict-c-v00@openssh.com\" is not provided by clients or \"kex-strict-s-v00@openssh.com\" is absent in the server's reply, you can disable the following ciphers and HMACs as a workaround on RHEL-8 and RHEL-9:\n\n1. chacha20-poly1305@openssh.com\n2. hmac-sha2-512-etm@openssh.com\n3. hmac-sha2-256-etm@openssh.com\n4. hmac-sha1-etm@openssh.com\n5. hmac-md5-etm@openssh.com\n\nTo do that through crypto-policies, one can apply a subpolicy with the following content:\n```\ncipher@SSH = -CHACHA20-POLY1305\nssh_etm = 0\n```\ne.g., by putting these lines into `/etc/crypto-policies/policies/modules/CVE-2023-48795.pmod`, applying the resulting subpolicy with `update-crypto-policies --set $(update-crypto-policies --show):CVE-2023-48795` and restarting openssh server.\n\nOne can verify that the changes are in effect by ensuring the ciphers listed above are missing from both `/etc/crypto-policies/back-ends/openssh.config` and `/etc/crypto-policies/back-ends/opensshserver.config`.\n\nFor more details on using crypto-policies, please refer to https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening\n\nNote that this procedure does limit the interoperability of the host and is only suggested as a temporary mitigation until the issue is fully resolved with an update.\n\nFor RHEL-7: \nWe can recommend to use strict MACs and Ciphers on RHEL7 in both files /etc/ssh/ssh_config and /etc/ssh/sshd_config.\n\nBelow strict set of Ciphers and MACs can be used as mitigation for RHEL 7.\n\n```\nCiphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\nMACs umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512\n```\n\n- For Openshift Container Platform 4:\nPlease refer the KCS[1] document for verifying the fix in RHCOS.\n\n[1] https://access.redhat.com/solutions/7071748", product_ids: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)", }, { cve: "CVE-2024-22201", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-02-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2266136", }, ], notes: [ { category: "description", text: "A flaw was found in Jetty, a Java based web server and servlet engine. If an HTTP/2 connection gets TCP congested, it remains open and idle, and connections may be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients.", title: "Vulnerability description", }, { category: "summary", text: "jetty: stop accepting new connections from valid clients", title: "Vulnerability summary", }, { category: "other", text: "The issue in Jetty where HTTP/2 connections can enter a congested, idle state and potentially exhaust server file descriptors represents a moderate severity due to its impact on system resources and service availability. While the vulnerability requires the deliberate creation of numerous congested connections by an attacker, its exploitation can lead to denial-of-service conditions by consuming all available file descriptors. This scenario could disrupt legitimate client connections and impair server responsiveness.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-22201", }, { category: "external", summary: "RHBZ#2266136", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2266136", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-22201", url: "https://www.cve.org/CVERecord?id=CVE-2024-22201", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-22201", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-22201", }, { category: "external", summary: "https://github.com/jetty/jetty.project/issues/11256", url: "https://github.com/jetty/jetty.project/issues/11256", }, { category: "external", summary: "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98", url: "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98", }, ], release_date: "2024-02-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:47:22+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3635", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jetty: stop accepting new connections from valid clients", }, { cve: "CVE-2024-23899", cwe: { id: "CWE-88", name: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", }, discovery_date: "2024-01-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2260183", }, ], notes: [ { category: "description", text: "A flaw was found in the Git Server Plugin for Jenkins. This issue could allow an attacker to read the first two lines of arbitrary files on the server's file system.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-2-plugins: git-server plugin arbitrary file read vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-23899", }, { category: "external", summary: "RHBZ#2260183", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2260183", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-23899", url: "https://www.cve.org/CVERecord?id=CVE-2024-23899", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-23899", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-23899", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/01/24/6", url: "http://www.openwall.com/lists/oss-security/2024/01/24/6", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319", url: "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319", }, ], release_date: "2024-01-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:47:22+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3635", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jenkins-2-plugins: git-server plugin arbitrary file read vulnerability", }, { cve: "CVE-2024-23900", cwe: { id: "CWE-23", name: "Relative Path Traversal", }, discovery_date: "2024-01-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2260184", }, ], notes: [ { category: "description", text: "A flaw was found in The Matrix Project Plugin for Jenkins, which does not sanitize user-defined axis names of multi-configuration projects submitted through the config.xml REST API endpoint. This issue may allow attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system with content not controllable by the attackers.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-2-plugins: matrix-project plugin path traversal vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-23900", }, { category: "external", summary: "RHBZ#2260184", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2260184", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-23900", url: "https://www.cve.org/CVERecord?id=CVE-2024-23900", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-23900", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-23900", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/01/24/6", url: "http://www.openwall.com/lists/oss-security/2024/01/24/6", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3289", url: "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3289", }, ], release_date: "2024-01-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:47:22+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3635", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", version: "3.1", }, products: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jenkins-2-plugins: matrix-project plugin path traversal vulnerability", }, { cve: "CVE-2024-24786", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, discovery_date: "2024-03-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2268046", }, ], notes: [ { category: "description", text: "A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. This flaw allows an attacker to craft malicious input tailored to trigger the identified flaw in the unmarshal function. By providing carefully constructed invalid inputs, they could potentially cause the function to enter an infinite loop, resulting in a denial of service condition or other unintended behaviors in the affected system.", title: "Vulnerability description", }, { category: "summary", text: "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-24786", }, { category: "external", summary: "RHBZ#2268046", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268046", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-24786", url: "https://www.cve.org/CVERecord?id=CVE-2024-24786", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-24786", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-24786", }, { category: "external", summary: "https://go.dev/cl/569356", url: "https://go.dev/cl/569356", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/", url: "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/", }, { category: "external", summary: "https://pkg.go.dev/vuln/GO-2024-2611", url: "https://pkg.go.dev/vuln/GO-2024-2611", }, ], release_date: "2024-03-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:47:22+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3635", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON", }, { cve: "CVE-2024-28149", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2024-03-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2268227", }, ], notes: [ { category: "description", text: "A flaw was found in jenkins-2-plugins. In the HTML Publisher Plugin 1.16 through 1.32, fallback for reports created in HTML Publisher Plugin 1.15 and earlier does not properly sanitize input. This can allow attackers with Item/Configure permissions to implement stored cross-site scripting (XSS) attacks and determine whether a path on the Jenkins controller file system exists, without being able to access it.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin", title: "Vulnerability summary", }, { category: "other", text: "HTML Publisher Plugin 1.32.1 removes support for reports created before HTML Publisher Plugin 1.15. Those reports are retained on the disk, but may no longer be accessible through the Jenkins UI.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-28149", }, { category: "external", summary: "RHBZ#2268227", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268227", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-28149", url: "https://www.cve.org/CVERecord?id=CVE-2024-28149", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-28149", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-28149", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3301", url: "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3301", }, ], release_date: "2024-03-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:47:22+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3635", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin", }, { cve: "CVE-2024-34144", cwe: { id: "CWE-693", name: "Protection Mechanism Failure", }, discovery_date: "2024-05-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2278820", }, ], notes: [ { category: "description", text: "A sandbox bypass vulnerability was found in the Jenkins Script Security Plugin involving crafted constructor bodies, enabling the circumvention of security restrictions. With crafted constructor bodies, this flaw allows authenticated attackers to define and execute sandboxed scripts, including Pipelines, bypassing sandbox protection mechanisms and executing arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe Script Security Plugin features a sandbox functionality designed to enable users with limited privileges to create scripts, including Pipelines, which are generally safe for execution. This security mechanism intercepts calls within sandboxed scripts, referencing various allowlists to decide whether these calls should be permitted.\r\n\r\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include:\r\n\r\n- Exploiting crafted constructor bodies that trigger other constructors, thereby allowing the construction of any subclassable type through implicit casts.\r\n- Utilizing Groovy classes defined within the sandbox that overshadow certain non-sandboxed classes, facilitating the creation of any subclassable type.\r\n\r\nThese vulnerabilities enable attackers, who have the permission to create and execute sandboxed scripts including Pipelines, to circumvent sandbox protections and execute arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe fixed version of this script incorporates enhanced restrictions and sanity checks. These improvements ensure that calls to super constructors are intercepted by the sandbox, including:\r\n\r\n- Ensuring that calls to other constructors via 'this' are now appropriately managed within the sandbox.\r\n- No longer overlooking classes in packages that may be overshadowed by Groovy-defined classes when intercepting super constructor calls.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-plugin/script-security: sandbox bypass via crafted constructor bodies", title: "Vulnerability summary", }, { category: "other", text: "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a process being able to access resources outside an assigned sandbox.\n\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include exploiting specially crafted constructor bodies, utilizing certain groovy classes.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-34144", }, { category: "external", summary: "RHBZ#2278820", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2278820", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-34144", url: "https://www.cve.org/CVERecord?id=CVE-2024-34144", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-34144", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-34144", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/05/02/3", url: "http://www.openwall.com/lists/oss-security/2024/05/02/3", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", url: "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", }, ], release_date: "2024-05-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:47:22+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3635", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jenkins-plugin/script-security: sandbox bypass via crafted constructor bodies", }, { cve: "CVE-2024-34145", cwe: { id: "CWE-693", name: "Protection Mechanism Failure", }, discovery_date: "2024-05-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2278821", }, ], notes: [ { category: "description", text: "A sandbox bypass vulnerability was found in the Jenkins Script Security Plugin within the sandbox-defined classes, enabling the circumvention of security restrictions. This flaw allows authenticated attackers to define and execute sandboxed scripts, including Pipelines, bypassing sandbox protection mechanisms and executing arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe Script Security Plugin features a sandbox functionality designed to enable users with limited privileges to create scripts, including Pipelines, which are generally safe for execution. This security mechanism intercepts calls within sandboxed scripts, referencing various allowlists to decide whether these calls should be permitted.\r\n\r\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include:\r\n\r\n- Exploiting crafted constructor bodies that trigger other constructors, thereby allowing the construction of any subclassable type through implicit casts.\r\n- Utilizing Groovy classes defined within the sandbox that overshadow certain non-sandboxed classes, facilitating the creation of any subclassable type.\r\n\r\nThese vulnerabilities enable attackers, who have the permission to create and execute sandboxed scripts including Pipelines, to circumvent sandbox protections and execute arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe fixed version of this script incorporates enhanced restrictions and sanity checks. These improvements ensure that calls to super constructors are intercepted by the sandbox, including:\r\n\r\n- Ensuring that calls to other constructors via 'this' are now appropriately managed within the sandbox.\r\n- No longer overlooking classes in packages that may be overshadowed by Groovy-defined classes when intercepting super constructor calls.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-plugin/script-security: sandbox bypass via sandbox-defined classes", title: "Vulnerability summary", }, { category: "other", text: "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a process being able to access resources outside an assigned sandbox.\n\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include exploiting specially crafted constructor bodies, utilizing certain groovy classes.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-34145", }, { category: "external", summary: "RHBZ#2278821", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2278821", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-34145", url: "https://www.cve.org/CVERecord?id=CVE-2024-34145", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-34145", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-34145", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/05/02/3", url: "http://www.openwall.com/lists/oss-security/2024/05/02/3", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", url: "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", }, ], release_date: "2024-05-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:47:22+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3635", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jenkins-plugin/script-security: sandbox bypass via sandbox-defined classes", }, ], }
RHSA-2024:3634
Vulnerability from csaf_redhat
Published
2024-06-05 14:47
Modified
2025-03-14 10:17
Summary
Red Hat Security Advisory: Red Hat Product OCP Tools 4.14 OpenShift Jenkins security update
Notes
Topic
An update for Openshift Jenkins is now available for Red Hat Product OCP Tools 4.14. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Jenkins is a continuous integration server that monitors the execution of
recurring jobs, such as software builds or cron jobs.
Security fixes:
* jenkins-2-plugins: Git-server plugin has an arbitrary file read
vulnerability (CVE-2024-23899)
* jenkins-plugin/script-security: Sandbox bypass occurs via crafted
constructor bodies (CVE-2024-34144)
* jenkins-plugin/script-security: Sandbox bypass occurs via sandbox-defined
classes (CVE-2024-34145)
* jenkins-2-plugins: HTML Publisher plugin has improper input sanitization
(CVE-2024-28149)
* jetty: Stops accepting new connections from valid clients
(CVE-2024-22201)
* SSH: Prefix truncation attack on Binary Packet Protocol (BPP)
(CVE-2023-48795)
* golang-protobuf: Unmarshaling certain forms of invalid JSON in the
protojson.Unmarshal function causes an infinite loop in the
encoding/protojson and internal/encoding/json packages of Golang-protobuf
(CVE-2024-24786)
* jenkins-2-plugins: Matrix-project plugin has a path traversal
vulnerability (CVE-2024-23900)
For more details about these security issues, including their impact, CVSS
scores, acknowledgments, and other related information, refer to the CVE
page listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for Openshift Jenkins is now available for Red Hat Product OCP Tools 4.14. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Jenkins is a continuous integration server that monitors the execution of\nrecurring jobs, such as software builds or cron jobs.\n\nSecurity fixes:\n\n* jenkins-2-plugins: Git-server plugin has an arbitrary file read\nvulnerability (CVE-2024-23899)\n\n* jenkins-plugin/script-security: Sandbox bypass occurs via crafted\nconstructor bodies (CVE-2024-34144)\n\n* jenkins-plugin/script-security: Sandbox bypass occurs via sandbox-defined\nclasses (CVE-2024-34145)\n\n* jenkins-2-plugins: HTML Publisher plugin has improper input sanitization\n(CVE-2024-28149)\n\n* jetty: Stops accepting new connections from valid clients\n(CVE-2024-22201)\n\n* SSH: Prefix truncation attack on Binary Packet Protocol (BPP)\n(CVE-2023-48795)\n\n* golang-protobuf: Unmarshaling certain forms of invalid JSON in the\nprotojson.Unmarshal function causes an infinite loop in the\nencoding/protojson and internal/encoding/json packages of Golang-protobuf\n(CVE-2024-24786)\n\n* jenkins-2-plugins: Matrix-project plugin has a path traversal\nvulnerability (CVE-2024-23900)\n\nFor more details about these security issues, including their impact, CVSS\nscores, acknowledgments, and other related information, refer to the CVE\npage listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:3634", url: "https://access.redhat.com/errata/RHSA-2024:3634", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2254210", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", }, { category: "external", summary: "2260183", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2260183", }, { category: "external", summary: "2260184", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2260184", }, { category: "external", summary: "2266136", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2266136", }, { category: "external", summary: "2268046", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268046", }, { category: "external", summary: "2268227", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268227", }, { category: "external", summary: "2278820", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2278820", }, { category: "external", summary: "2278821", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2278821", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3634.json", }, ], title: "Red Hat Security Advisory: Red Hat Product OCP Tools 4.14 OpenShift Jenkins security update", tracking: { current_release_date: "2025-03-14T10:17:36+00:00", generator: { date: "2025-03-14T10:17:36+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2024:3634", initial_release_date: "2024-06-05T14:47:02+00:00", revision_history: [ { date: "2024-06-05T14:47:02+00:00", number: "1", summary: "Initial version", }, { date: "2024-06-05T14:47:02+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-14T10:17:36+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "OpenShift Developer Tools and Services for OCP 4.14", product: { name: "OpenShift Developer Tools and Services for OCP 4.14", product_id: "8Base-OCP-Tools-4.14", product_identification_helper: { cpe: "cpe:/a:redhat:ocp_tools:4.14::el8", }, }, }, ], category: "product_family", name: "OpenShift Jenkins", }, { branches: [ { category: "product_version", name: "jenkins-0:2.440.3.1716387933-3.el8.src", product: { name: "jenkins-0:2.440.3.1716387933-3.el8.src", product_id: "jenkins-0:2.440.3.1716387933-3.el8.src", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins@2.440.3.1716387933-3.el8?arch=src", }, }, }, { category: "product_version", name: "jenkins-2-plugins-0:4.14.1716388016-1.el8.src", product: { name: "jenkins-2-plugins-0:4.14.1716388016-1.el8.src", product_id: "jenkins-2-plugins-0:4.14.1716388016-1.el8.src", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins-2-plugins@4.14.1716388016-1.el8?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "jenkins-0:2.440.3.1716387933-3.el8.noarch", product: { name: "jenkins-0:2.440.3.1716387933-3.el8.noarch", product_id: "jenkins-0:2.440.3.1716387933-3.el8.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins@2.440.3.1716387933-3.el8?arch=noarch", }, }, }, { category: "product_version", name: "jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", product: { name: "jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", product_id: "jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins-2-plugins@4.14.1716388016-1.el8?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "jenkins-0:2.440.3.1716387933-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.14", product_id: "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", }, product_reference: "jenkins-0:2.440.3.1716387933-3.el8.noarch", relates_to_product_reference: "8Base-OCP-Tools-4.14", }, { category: "default_component_of", full_product_name: { name: "jenkins-0:2.440.3.1716387933-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.14", product_id: "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", }, product_reference: "jenkins-0:2.440.3.1716387933-3.el8.src", relates_to_product_reference: "8Base-OCP-Tools-4.14", }, { category: "default_component_of", full_product_name: { name: "jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.14", product_id: "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", }, product_reference: "jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", relates_to_product_reference: "8Base-OCP-Tools-4.14", }, { category: "default_component_of", full_product_name: { name: "jenkins-2-plugins-0:4.14.1716388016-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.14", product_id: "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", }, product_reference: "jenkins-2-plugins-0:4.14.1716388016-1.el8.src", relates_to_product_reference: "8Base-OCP-Tools-4.14", }, ], }, vulnerabilities: [ { cve: "CVE-2023-48795", cwe: { id: "CWE-222", name: "Truncation of Security-relevant Information", }, discovery_date: "2023-12-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2254210", }, ], notes: [ { category: "description", text: "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", title: "Vulnerability description", }, { category: "summary", text: "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)", title: "Vulnerability summary", }, { category: "other", text: "This CVE is classified as moderate because the attack requires an active Man-in-the-Middle (MITM) who can intercept and modify the connection's traffic at the TCP/IP layer.\n\nAlthough the attack is cryptographically innovative, its security impact is fortunately quite limited. It only allows the deletion of consecutive messages, and deleting most messages at this protocol stage prevents user authentication from proceeding, leading to a stalled connection.\n\nThe most significant identified impact is that it enables a MITM to delete the SSH2_MSG_EXT_INFO message sent before authentication begins. This allows the attacker to disable a subset of keystroke timing obfuscation features. However, there is no other observable impact on session secrecy or session integrity.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-48795", }, { category: "external", summary: "RHBZ#2254210", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-48795", url: "https://www.cve.org/CVERecord?id=CVE-2023-48795", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", }, { category: "external", summary: "https://access.redhat.com/solutions/7071748", url: "https://access.redhat.com/solutions/7071748", }, { category: "external", summary: "https://terrapin-attack.com/", url: "https://terrapin-attack.com/", }, ], release_date: "2023-12-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:47:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3634", }, { category: "workaround", details: "Update to the last version and check that client and server provide kex pseudo-algorithms indicating usage of the updated version of the protocol which is protected from the attack. If \"kex-strict-c-v00@openssh.com\" is provided by clients and \"kex-strict-s-v00@openssh.com\" is in the server's reply, no other steps are necessary.\n\nDisabling ciphers if necessary:\n\nIf \"kex-strict-c-v00@openssh.com\" is not provided by clients or \"kex-strict-s-v00@openssh.com\" is absent in the server's reply, you can disable the following ciphers and HMACs as a workaround on RHEL-8 and RHEL-9:\n\n1. chacha20-poly1305@openssh.com\n2. hmac-sha2-512-etm@openssh.com\n3. hmac-sha2-256-etm@openssh.com\n4. hmac-sha1-etm@openssh.com\n5. hmac-md5-etm@openssh.com\n\nTo do that through crypto-policies, one can apply a subpolicy with the following content:\n```\ncipher@SSH = -CHACHA20-POLY1305\nssh_etm = 0\n```\ne.g., by putting these lines into `/etc/crypto-policies/policies/modules/CVE-2023-48795.pmod`, applying the resulting subpolicy with `update-crypto-policies --set $(update-crypto-policies --show):CVE-2023-48795` and restarting openssh server.\n\nOne can verify that the changes are in effect by ensuring the ciphers listed above are missing from both `/etc/crypto-policies/back-ends/openssh.config` and `/etc/crypto-policies/back-ends/opensshserver.config`.\n\nFor more details on using crypto-policies, please refer to https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening\n\nNote that this procedure does limit the interoperability of the host and is only suggested as a temporary mitigation until the issue is fully resolved with an update.\n\nFor RHEL-7: \nWe can recommend to use strict MACs and Ciphers on RHEL7 in both files /etc/ssh/ssh_config and /etc/ssh/sshd_config.\n\nBelow strict set of Ciphers and MACs can be used as mitigation for RHEL 7.\n\n```\nCiphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\nMACs umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512\n```\n\n- For Openshift Container Platform 4:\nPlease refer the KCS[1] document for verifying the fix in RHCOS.\n\n[1] https://access.redhat.com/solutions/7071748", product_ids: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)", }, { cve: "CVE-2024-22201", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-02-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2266136", }, ], notes: [ { category: "description", text: "A flaw was found in Jetty, a Java based web server and servlet engine. If an HTTP/2 connection gets TCP congested, it remains open and idle, and connections may be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients.", title: "Vulnerability description", }, { category: "summary", text: "jetty: stop accepting new connections from valid clients", title: "Vulnerability summary", }, { category: "other", text: "The issue in Jetty where HTTP/2 connections can enter a congested, idle state and potentially exhaust server file descriptors represents a moderate severity due to its impact on system resources and service availability. While the vulnerability requires the deliberate creation of numerous congested connections by an attacker, its exploitation can lead to denial-of-service conditions by consuming all available file descriptors. This scenario could disrupt legitimate client connections and impair server responsiveness.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-22201", }, { category: "external", summary: "RHBZ#2266136", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2266136", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-22201", url: "https://www.cve.org/CVERecord?id=CVE-2024-22201", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-22201", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-22201", }, { category: "external", summary: "https://github.com/jetty/jetty.project/issues/11256", url: "https://github.com/jetty/jetty.project/issues/11256", }, { category: "external", summary: "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98", url: "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98", }, ], release_date: "2024-02-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:47:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3634", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jetty: stop accepting new connections from valid clients", }, { cve: "CVE-2024-23899", cwe: { id: "CWE-88", name: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", }, discovery_date: "2024-01-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2260183", }, ], notes: [ { category: "description", text: "A flaw was found in the Git Server Plugin for Jenkins. This issue could allow an attacker to read the first two lines of arbitrary files on the server's file system.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-2-plugins: git-server plugin arbitrary file read vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-23899", }, { category: "external", summary: "RHBZ#2260183", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2260183", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-23899", url: "https://www.cve.org/CVERecord?id=CVE-2024-23899", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-23899", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-23899", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/01/24/6", url: "http://www.openwall.com/lists/oss-security/2024/01/24/6", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319", url: "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319", }, ], release_date: "2024-01-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:47:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3634", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jenkins-2-plugins: git-server plugin arbitrary file read vulnerability", }, { cve: "CVE-2024-23900", cwe: { id: "CWE-23", name: "Relative Path Traversal", }, discovery_date: "2024-01-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2260184", }, ], notes: [ { category: "description", text: "A flaw was found in The Matrix Project Plugin for Jenkins, which does not sanitize user-defined axis names of multi-configuration projects submitted through the config.xml REST API endpoint. This issue may allow attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system with content not controllable by the attackers.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-2-plugins: matrix-project plugin path traversal vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-23900", }, { category: "external", summary: "RHBZ#2260184", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2260184", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-23900", url: "https://www.cve.org/CVERecord?id=CVE-2024-23900", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-23900", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-23900", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/01/24/6", url: "http://www.openwall.com/lists/oss-security/2024/01/24/6", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3289", url: "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3289", }, ], release_date: "2024-01-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:47:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3634", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", version: "3.1", }, products: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jenkins-2-plugins: matrix-project plugin path traversal vulnerability", }, { cve: "CVE-2024-24786", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, discovery_date: "2024-03-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2268046", }, ], notes: [ { category: "description", text: "A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. This flaw allows an attacker to craft malicious input tailored to trigger the identified flaw in the unmarshal function. By providing carefully constructed invalid inputs, they could potentially cause the function to enter an infinite loop, resulting in a denial of service condition or other unintended behaviors in the affected system.", title: "Vulnerability description", }, { category: "summary", text: "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-24786", }, { category: "external", summary: "RHBZ#2268046", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268046", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-24786", url: "https://www.cve.org/CVERecord?id=CVE-2024-24786", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-24786", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-24786", }, { category: "external", summary: "https://go.dev/cl/569356", url: "https://go.dev/cl/569356", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/", url: "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/", }, { category: "external", summary: "https://pkg.go.dev/vuln/GO-2024-2611", url: "https://pkg.go.dev/vuln/GO-2024-2611", }, ], release_date: "2024-03-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:47:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3634", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON", }, { cve: "CVE-2024-28149", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2024-03-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2268227", }, ], notes: [ { category: "description", text: "A flaw was found in jenkins-2-plugins. In the HTML Publisher Plugin 1.16 through 1.32, fallback for reports created in HTML Publisher Plugin 1.15 and earlier does not properly sanitize input. This can allow attackers with Item/Configure permissions to implement stored cross-site scripting (XSS) attacks and determine whether a path on the Jenkins controller file system exists, without being able to access it.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin", title: "Vulnerability summary", }, { category: "other", text: "HTML Publisher Plugin 1.32.1 removes support for reports created before HTML Publisher Plugin 1.15. Those reports are retained on the disk, but may no longer be accessible through the Jenkins UI.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-28149", }, { category: "external", summary: "RHBZ#2268227", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268227", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-28149", url: "https://www.cve.org/CVERecord?id=CVE-2024-28149", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-28149", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-28149", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3301", url: "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3301", }, ], release_date: "2024-03-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:47:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3634", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin", }, { cve: "CVE-2024-34144", cwe: { id: "CWE-693", name: "Protection Mechanism Failure", }, discovery_date: "2024-05-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2278820", }, ], notes: [ { category: "description", text: "A sandbox bypass vulnerability was found in the Jenkins Script Security Plugin involving crafted constructor bodies, enabling the circumvention of security restrictions. With crafted constructor bodies, this flaw allows authenticated attackers to define and execute sandboxed scripts, including Pipelines, bypassing sandbox protection mechanisms and executing arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe Script Security Plugin features a sandbox functionality designed to enable users with limited privileges to create scripts, including Pipelines, which are generally safe for execution. This security mechanism intercepts calls within sandboxed scripts, referencing various allowlists to decide whether these calls should be permitted.\r\n\r\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include:\r\n\r\n- Exploiting crafted constructor bodies that trigger other constructors, thereby allowing the construction of any subclassable type through implicit casts.\r\n- Utilizing Groovy classes defined within the sandbox that overshadow certain non-sandboxed classes, facilitating the creation of any subclassable type.\r\n\r\nThese vulnerabilities enable attackers, who have the permission to create and execute sandboxed scripts including Pipelines, to circumvent sandbox protections and execute arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe fixed version of this script incorporates enhanced restrictions and sanity checks. These improvements ensure that calls to super constructors are intercepted by the sandbox, including:\r\n\r\n- Ensuring that calls to other constructors via 'this' are now appropriately managed within the sandbox.\r\n- No longer overlooking classes in packages that may be overshadowed by Groovy-defined classes when intercepting super constructor calls.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-plugin/script-security: sandbox bypass via crafted constructor bodies", title: "Vulnerability summary", }, { category: "other", text: "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a process being able to access resources outside an assigned sandbox.\n\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include exploiting specially crafted constructor bodies, utilizing certain groovy classes.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-34144", }, { category: "external", summary: "RHBZ#2278820", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2278820", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-34144", url: "https://www.cve.org/CVERecord?id=CVE-2024-34144", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-34144", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-34144", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/05/02/3", url: "http://www.openwall.com/lists/oss-security/2024/05/02/3", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", url: "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", }, ], release_date: "2024-05-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:47:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3634", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jenkins-plugin/script-security: sandbox bypass via crafted constructor bodies", }, { cve: "CVE-2024-34145", cwe: { id: "CWE-693", name: "Protection Mechanism Failure", }, discovery_date: "2024-05-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2278821", }, ], notes: [ { category: "description", text: "A sandbox bypass vulnerability was found in the Jenkins Script Security Plugin within the sandbox-defined classes, enabling the circumvention of security restrictions. This flaw allows authenticated attackers to define and execute sandboxed scripts, including Pipelines, bypassing sandbox protection mechanisms and executing arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe Script Security Plugin features a sandbox functionality designed to enable users with limited privileges to create scripts, including Pipelines, which are generally safe for execution. This security mechanism intercepts calls within sandboxed scripts, referencing various allowlists to decide whether these calls should be permitted.\r\n\r\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include:\r\n\r\n- Exploiting crafted constructor bodies that trigger other constructors, thereby allowing the construction of any subclassable type through implicit casts.\r\n- Utilizing Groovy classes defined within the sandbox that overshadow certain non-sandboxed classes, facilitating the creation of any subclassable type.\r\n\r\nThese vulnerabilities enable attackers, who have the permission to create and execute sandboxed scripts including Pipelines, to circumvent sandbox protections and execute arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe fixed version of this script incorporates enhanced restrictions and sanity checks. These improvements ensure that calls to super constructors are intercepted by the sandbox, including:\r\n\r\n- Ensuring that calls to other constructors via 'this' are now appropriately managed within the sandbox.\r\n- No longer overlooking classes in packages that may be overshadowed by Groovy-defined classes when intercepting super constructor calls.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-plugin/script-security: sandbox bypass via sandbox-defined classes", title: "Vulnerability summary", }, { category: "other", text: "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a process being able to access resources outside an assigned sandbox.\n\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include exploiting specially crafted constructor bodies, utilizing certain groovy classes.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-34145", }, { category: "external", summary: "RHBZ#2278821", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2278821", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-34145", url: "https://www.cve.org/CVERecord?id=CVE-2024-34145", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-34145", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-34145", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/05/02/3", url: "http://www.openwall.com/lists/oss-security/2024/05/02/3", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", url: "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", }, ], release_date: "2024-05-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:47:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3634", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jenkins-plugin/script-security: sandbox bypass via sandbox-defined classes", }, ], }
RHSA-2024:4597
Vulnerability from csaf_redhat
Published
2024-07-17 18:49
Modified
2025-03-14 10:19
Summary
Red Hat Security Advisory: Red Hat Product OCP Tools 4.15 OpenShift Jenkins security update
Notes
Topic
An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools
4.15. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Jenkins is a continuous integration server that monitors the execution of recurring jobs, such as software builds or cron jobs.
Security Fix(es):
* jenkins-plugin/script-security: Sandbox bypass via sandbox-defined classes (CVE-2024-34145)
* jenkins-plugin/script-security: Sandbox bypass via crafted constructor bodies (CVE-2024-34144)
* jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin (CVE-2024-28149)
* jenkins-2-plugins: git-server plugin arbitrary file read vulnerability (CVE-2024-23899)
* jetty: Stop accepting new connections from valid clients (CVE-2024-22201)
* ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)
* golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON (CVE-2024-24786)
* jenkins-2-plugins: matrix-project plugin path traversal vulnerability (CVE-2024-23900)
* runc: File descriptor leak (CVE-2024-21626, Leaky-Vessels)
* jenkins-2-plugins: git-server plugin arbitrary file read vulnerability (CVE-2024-23899)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools\n4.15. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Jenkins is a continuous integration server that monitors the execution of recurring jobs, such as software builds or cron jobs.\n\nSecurity Fix(es):\n\n* jenkins-plugin/script-security: Sandbox bypass via sandbox-defined classes (CVE-2024-34145)\n\n* jenkins-plugin/script-security: Sandbox bypass via crafted constructor bodies (CVE-2024-34144)\n\n* jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin (CVE-2024-28149)\n\n* jenkins-2-plugins: git-server plugin arbitrary file read vulnerability (CVE-2024-23899)\n\n* jetty: Stop accepting new connections from valid clients (CVE-2024-22201)\n\n* ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)\n\n* golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON (CVE-2024-24786)\n\n* jenkins-2-plugins: matrix-project plugin path traversal vulnerability (CVE-2024-23900)\n\n* runc: File descriptor leak (CVE-2024-21626, Leaky-Vessels)\n\n* jenkins-2-plugins: git-server plugin arbitrary file read vulnerability (CVE-2024-23899)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:4597", url: "https://access.redhat.com/errata/RHSA-2024:4597", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2254210", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", }, { category: "external", summary: "2258725", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2258725", }, { category: "external", summary: "2260183", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2260183", }, { category: "external", summary: "2260184", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2260184", }, { category: "external", summary: "2266136", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2266136", }, { category: "external", summary: "2268046", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268046", }, { category: "external", summary: "2268227", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268227", }, { category: "external", summary: "2278820", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2278820", }, { category: "external", summary: "2278821", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2278821", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4597.json", }, ], title: "Red Hat Security Advisory: Red Hat Product OCP Tools 4.15 OpenShift Jenkins security update", tracking: { current_release_date: "2025-03-14T10:19:07+00:00", generator: { date: "2025-03-14T10:19:07+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2024:4597", initial_release_date: "2024-07-17T18:49:17+00:00", revision_history: [ { date: "2024-07-17T18:49:17+00:00", number: "1", summary: "Initial version", }, { date: "2024-07-17T18:49:17+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-14T10:19:07+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "OpenShift Developer Tools and Services for OCP 4.15", product: { name: "OpenShift Developer Tools and Services for OCP 4.15", product_id: "8Base-OCP-Tools-4.15", product_identification_helper: { cpe: "cpe:/a:redhat:ocp_tools:4.15::el8", }, }, }, ], category: "product_family", name: "OpenShift Jenkins", }, { branches: [ { category: "product_version", name: "jenkins-0:2.440.3.1718879390-3.el8.src", product: { name: "jenkins-0:2.440.3.1718879390-3.el8.src", product_id: "jenkins-0:2.440.3.1718879390-3.el8.src", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins@2.440.3.1718879390-3.el8?arch=src", }, }, }, { category: "product_version", name: "jenkins-2-plugins-0:4.15.1718879538-1.el8.src", product: { name: "jenkins-2-plugins-0:4.15.1718879538-1.el8.src", product_id: "jenkins-2-plugins-0:4.15.1718879538-1.el8.src", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins-2-plugins@4.15.1718879538-1.el8?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "jenkins-0:2.440.3.1718879390-3.el8.noarch", product: { name: "jenkins-0:2.440.3.1718879390-3.el8.noarch", product_id: "jenkins-0:2.440.3.1718879390-3.el8.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins@2.440.3.1718879390-3.el8?arch=noarch", }, }, }, { category: "product_version", name: "jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", product: { name: "jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", product_id: "jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins-2-plugins@4.15.1718879538-1.el8?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "jenkins-0:2.440.3.1718879390-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.15", product_id: "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", }, product_reference: "jenkins-0:2.440.3.1718879390-3.el8.noarch", relates_to_product_reference: "8Base-OCP-Tools-4.15", }, { category: "default_component_of", full_product_name: { name: "jenkins-0:2.440.3.1718879390-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.15", product_id: "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", }, product_reference: "jenkins-0:2.440.3.1718879390-3.el8.src", relates_to_product_reference: "8Base-OCP-Tools-4.15", }, { category: "default_component_of", full_product_name: { name: "jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.15", product_id: "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", }, product_reference: "jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", relates_to_product_reference: "8Base-OCP-Tools-4.15", }, { category: "default_component_of", full_product_name: { name: "jenkins-2-plugins-0:4.15.1718879538-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.15", product_id: "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", }, product_reference: "jenkins-2-plugins-0:4.15.1718879538-1.el8.src", relates_to_product_reference: "8Base-OCP-Tools-4.15", }, ], }, vulnerabilities: [ { cve: "CVE-2023-48795", cwe: { id: "CWE-222", name: "Truncation of Security-relevant Information", }, discovery_date: "2023-12-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2254210", }, ], notes: [ { category: "description", text: "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", title: "Vulnerability description", }, { category: "summary", text: "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)", title: "Vulnerability summary", }, { category: "other", text: "This CVE is classified as moderate because the attack requires an active Man-in-the-Middle (MITM) who can intercept and modify the connection's traffic at the TCP/IP layer.\n\nAlthough the attack is cryptographically innovative, its security impact is fortunately quite limited. It only allows the deletion of consecutive messages, and deleting most messages at this protocol stage prevents user authentication from proceeding, leading to a stalled connection.\n\nThe most significant identified impact is that it enables a MITM to delete the SSH2_MSG_EXT_INFO message sent before authentication begins. This allows the attacker to disable a subset of keystroke timing obfuscation features. However, there is no other observable impact on session secrecy or session integrity.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-48795", }, { category: "external", summary: "RHBZ#2254210", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-48795", url: "https://www.cve.org/CVERecord?id=CVE-2023-48795", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", }, { category: "external", summary: "https://access.redhat.com/solutions/7071748", url: "https://access.redhat.com/solutions/7071748", }, { category: "external", summary: "https://terrapin-attack.com/", url: "https://terrapin-attack.com/", }, ], release_date: "2023-12-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-07-17T18:49:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4597", }, { category: "workaround", details: "Update to the last version and check that client and server provide kex pseudo-algorithms indicating usage of the updated version of the protocol which is protected from the attack. If \"kex-strict-c-v00@openssh.com\" is provided by clients and \"kex-strict-s-v00@openssh.com\" is in the server's reply, no other steps are necessary.\n\nDisabling ciphers if necessary:\n\nIf \"kex-strict-c-v00@openssh.com\" is not provided by clients or \"kex-strict-s-v00@openssh.com\" is absent in the server's reply, you can disable the following ciphers and HMACs as a workaround on RHEL-8 and RHEL-9:\n\n1. chacha20-poly1305@openssh.com\n2. hmac-sha2-512-etm@openssh.com\n3. hmac-sha2-256-etm@openssh.com\n4. hmac-sha1-etm@openssh.com\n5. hmac-md5-etm@openssh.com\n\nTo do that through crypto-policies, one can apply a subpolicy with the following content:\n```\ncipher@SSH = -CHACHA20-POLY1305\nssh_etm = 0\n```\ne.g., by putting these lines into `/etc/crypto-policies/policies/modules/CVE-2023-48795.pmod`, applying the resulting subpolicy with `update-crypto-policies --set $(update-crypto-policies --show):CVE-2023-48795` and restarting openssh server.\n\nOne can verify that the changes are in effect by ensuring the ciphers listed above are missing from both `/etc/crypto-policies/back-ends/openssh.config` and `/etc/crypto-policies/back-ends/opensshserver.config`.\n\nFor more details on using crypto-policies, please refer to https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening\n\nNote that this procedure does limit the interoperability of the host and is only suggested as a temporary mitigation until the issue is fully resolved with an update.\n\nFor RHEL-7: \nWe can recommend to use strict MACs and Ciphers on RHEL7 in both files /etc/ssh/ssh_config and /etc/ssh/sshd_config.\n\nBelow strict set of Ciphers and MACs can be used as mitigation for RHEL 7.\n\n```\nCiphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\nMACs umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512\n```\n\n- For Openshift Container Platform 4:\nPlease refer the KCS[1] document for verifying the fix in RHCOS.\n\n[1] https://access.redhat.com/solutions/7071748", product_ids: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)", }, { acknowledgments: [ { names: [ "The Snyk Reseacher Team", ], }, ], cve: "CVE-2024-21626", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2024-01-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2258725", }, ], notes: [ { category: "description", text: "A file descriptor leak issue was found in the runc package. While a user performs `O_CLOEXEC` all file descriptors before executing the container code, the file descriptor is open when performing `setcwd(2)`, which means that the reference can be kept alive in the container by configuring the working directory to be a path resolved through the file descriptor. The non-dumpable bit is unset after `execve`, meaning there are multiple ways to attack this other than bad configurations. The only way to defend against it entirely is to close all unneeded file descriptors.", title: "Vulnerability description", }, { category: "summary", text: "runc: file descriptor leak", title: "Vulnerability summary", }, { category: "other", text: "These vulnerabilities not only enable malicious actors to escape containerized environments but also allow for full control over the underlying host system. With the widespread adoption of containerization technologies in both development and production environments, such exploits pose significant risks to data integrity, confidentiality, and system stability.\n\nOpenShift Container Platform ships with SELinux in targeted enforcing mode, which prevents the container processes from accessing host content and mitigates this attack, and disabling SELinux on the Openshift container platform is not supported. Hence, the impact of the Openshift Container Platform is reduced to Moderate.\n\nFor multicluster-engine (MCE) vulnerable versions of buildkit and runc are part of installed version of oc. However, they are not affecting the higher-level assisted-installer binary in MCE. The presence of these dependencies in the container does not imply a security risk to the containerized application itself, as it is based on low-level packages included in the oc binary, and the impact to the container's core functionality is minimal.\n\nThis flaw doesn't affect the OpenShift Tools & Services as the affected code is only used for testing and is not exposed to the final user.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-21626", }, { category: "external", summary: "RHBZ#2258725", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2258725", }, { category: "external", summary: "RHSB-2024-001", url: "https://access.redhat.com/security/vulnerabilities/RHSB-2024-001", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-21626", url: "https://www.cve.org/CVERecord?id=CVE-2024-21626", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-21626", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21626", }, { category: "external", summary: "https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv", url: "https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv", }, ], release_date: "2024-01-31T20:01:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-07-17T18:49:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4597", }, { category: "workaround", details: "Red Hat Enterprise Linux (RHEL) and OpenShift ships with SELinux in targeted enforcing mode, which prevents the container processes from accessing host content and mitigates this attack. Dockerfiles can be inspected on the 'RUN' and 'WORKDIR' directives to ensure that there are no escapes or malicious paths, which are an indication of compromise. Limiting access and only using trusted container images can help prevent unauthorized access and malicious attacks.", product_ids: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "runc: file descriptor leak", }, { cve: "CVE-2024-22201", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-02-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2266136", }, ], notes: [ { category: "description", text: "A flaw was found in Jetty, a Java based web server and servlet engine. If an HTTP/2 connection gets TCP congested, it remains open and idle, and connections may be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients.", title: "Vulnerability description", }, { category: "summary", text: "jetty: stop accepting new connections from valid clients", title: "Vulnerability summary", }, { category: "other", text: "The issue in Jetty where HTTP/2 connections can enter a congested, idle state and potentially exhaust server file descriptors represents a moderate severity due to its impact on system resources and service availability. While the vulnerability requires the deliberate creation of numerous congested connections by an attacker, its exploitation can lead to denial-of-service conditions by consuming all available file descriptors. This scenario could disrupt legitimate client connections and impair server responsiveness.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-22201", }, { category: "external", summary: "RHBZ#2266136", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2266136", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-22201", url: "https://www.cve.org/CVERecord?id=CVE-2024-22201", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-22201", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-22201", }, { category: "external", summary: "https://github.com/jetty/jetty.project/issues/11256", url: "https://github.com/jetty/jetty.project/issues/11256", }, { category: "external", summary: "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98", url: "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98", }, ], release_date: "2024-02-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-07-17T18:49:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4597", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jetty: stop accepting new connections from valid clients", }, { cve: "CVE-2024-23899", cwe: { id: "CWE-88", name: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", }, discovery_date: "2024-01-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2260183", }, ], notes: [ { category: "description", text: "A flaw was found in the Git Server Plugin for Jenkins. This issue could allow an attacker to read the first two lines of arbitrary files on the server's file system.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-2-plugins: git-server plugin arbitrary file read vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-23899", }, { category: "external", summary: "RHBZ#2260183", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2260183", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-23899", url: "https://www.cve.org/CVERecord?id=CVE-2024-23899", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-23899", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-23899", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/01/24/6", url: "http://www.openwall.com/lists/oss-security/2024/01/24/6", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319", url: "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319", }, ], release_date: "2024-01-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-07-17T18:49:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4597", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jenkins-2-plugins: git-server plugin arbitrary file read vulnerability", }, { cve: "CVE-2024-23900", cwe: { id: "CWE-23", name: "Relative Path Traversal", }, discovery_date: "2024-01-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2260184", }, ], notes: [ { category: "description", text: "A flaw was found in The Matrix Project Plugin for Jenkins, which does not sanitize user-defined axis names of multi-configuration projects submitted through the config.xml REST API endpoint. This issue may allow attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system with content not controllable by the attackers.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-2-plugins: matrix-project plugin path traversal vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-23900", }, { category: "external", summary: "RHBZ#2260184", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2260184", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-23900", url: "https://www.cve.org/CVERecord?id=CVE-2024-23900", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-23900", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-23900", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/01/24/6", url: "http://www.openwall.com/lists/oss-security/2024/01/24/6", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3289", url: "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3289", }, ], release_date: "2024-01-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-07-17T18:49:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4597", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", version: "3.1", }, products: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jenkins-2-plugins: matrix-project plugin path traversal vulnerability", }, { cve: "CVE-2024-24786", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, discovery_date: "2024-03-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2268046", }, ], notes: [ { category: "description", text: "A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. This flaw allows an attacker to craft malicious input tailored to trigger the identified flaw in the unmarshal function. By providing carefully constructed invalid inputs, they could potentially cause the function to enter an infinite loop, resulting in a denial of service condition or other unintended behaviors in the affected system.", title: "Vulnerability description", }, { category: "summary", text: "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-24786", }, { category: "external", summary: "RHBZ#2268046", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268046", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-24786", url: "https://www.cve.org/CVERecord?id=CVE-2024-24786", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-24786", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-24786", }, { category: "external", summary: "https://go.dev/cl/569356", url: "https://go.dev/cl/569356", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/", url: "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/", }, { category: "external", summary: "https://pkg.go.dev/vuln/GO-2024-2611", url: "https://pkg.go.dev/vuln/GO-2024-2611", }, ], release_date: "2024-03-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-07-17T18:49:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4597", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON", }, { cve: "CVE-2024-28149", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2024-03-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2268227", }, ], notes: [ { category: "description", text: "A flaw was found in jenkins-2-plugins. In the HTML Publisher Plugin 1.16 through 1.32, fallback for reports created in HTML Publisher Plugin 1.15 and earlier does not properly sanitize input. This can allow attackers with Item/Configure permissions to implement stored cross-site scripting (XSS) attacks and determine whether a path on the Jenkins controller file system exists, without being able to access it.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin", title: "Vulnerability summary", }, { category: "other", text: "HTML Publisher Plugin 1.32.1 removes support for reports created before HTML Publisher Plugin 1.15. Those reports are retained on the disk, but may no longer be accessible through the Jenkins UI.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-28149", }, { category: "external", summary: "RHBZ#2268227", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268227", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-28149", url: "https://www.cve.org/CVERecord?id=CVE-2024-28149", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-28149", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-28149", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3301", url: "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3301", }, ], release_date: "2024-03-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-07-17T18:49:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4597", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin", }, { cve: "CVE-2024-34144", cwe: { id: "CWE-693", name: "Protection Mechanism Failure", }, discovery_date: "2024-05-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2278820", }, ], notes: [ { category: "description", text: "A sandbox bypass vulnerability was found in the Jenkins Script Security Plugin involving crafted constructor bodies, enabling the circumvention of security restrictions. With crafted constructor bodies, this flaw allows authenticated attackers to define and execute sandboxed scripts, including Pipelines, bypassing sandbox protection mechanisms and executing arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe Script Security Plugin features a sandbox functionality designed to enable users with limited privileges to create scripts, including Pipelines, which are generally safe for execution. This security mechanism intercepts calls within sandboxed scripts, referencing various allowlists to decide whether these calls should be permitted.\r\n\r\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include:\r\n\r\n- Exploiting crafted constructor bodies that trigger other constructors, thereby allowing the construction of any subclassable type through implicit casts.\r\n- Utilizing Groovy classes defined within the sandbox that overshadow certain non-sandboxed classes, facilitating the creation of any subclassable type.\r\n\r\nThese vulnerabilities enable attackers, who have the permission to create and execute sandboxed scripts including Pipelines, to circumvent sandbox protections and execute arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe fixed version of this script incorporates enhanced restrictions and sanity checks. These improvements ensure that calls to super constructors are intercepted by the sandbox, including:\r\n\r\n- Ensuring that calls to other constructors via 'this' are now appropriately managed within the sandbox.\r\n- No longer overlooking classes in packages that may be overshadowed by Groovy-defined classes when intercepting super constructor calls.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-plugin/script-security: sandbox bypass via crafted constructor bodies", title: "Vulnerability summary", }, { category: "other", text: "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a process being able to access resources outside an assigned sandbox.\n\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include exploiting specially crafted constructor bodies, utilizing certain groovy classes.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-34144", }, { category: "external", summary: "RHBZ#2278820", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2278820", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-34144", url: "https://www.cve.org/CVERecord?id=CVE-2024-34144", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-34144", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-34144", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/05/02/3", url: "http://www.openwall.com/lists/oss-security/2024/05/02/3", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", url: "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", }, ], release_date: "2024-05-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-07-17T18:49:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4597", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jenkins-plugin/script-security: sandbox bypass via crafted constructor bodies", }, { cve: "CVE-2024-34145", cwe: { id: "CWE-693", name: "Protection Mechanism Failure", }, discovery_date: "2024-05-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2278821", }, ], notes: [ { category: "description", text: "A sandbox bypass vulnerability was found in the Jenkins Script Security Plugin within the sandbox-defined classes, enabling the circumvention of security restrictions. This flaw allows authenticated attackers to define and execute sandboxed scripts, including Pipelines, bypassing sandbox protection mechanisms and executing arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe Script Security Plugin features a sandbox functionality designed to enable users with limited privileges to create scripts, including Pipelines, which are generally safe for execution. This security mechanism intercepts calls within sandboxed scripts, referencing various allowlists to decide whether these calls should be permitted.\r\n\r\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include:\r\n\r\n- Exploiting crafted constructor bodies that trigger other constructors, thereby allowing the construction of any subclassable type through implicit casts.\r\n- Utilizing Groovy classes defined within the sandbox that overshadow certain non-sandboxed classes, facilitating the creation of any subclassable type.\r\n\r\nThese vulnerabilities enable attackers, who have the permission to create and execute sandboxed scripts including Pipelines, to circumvent sandbox protections and execute arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe fixed version of this script incorporates enhanced restrictions and sanity checks. These improvements ensure that calls to super constructors are intercepted by the sandbox, including:\r\n\r\n- Ensuring that calls to other constructors via 'this' are now appropriately managed within the sandbox.\r\n- No longer overlooking classes in packages that may be overshadowed by Groovy-defined classes when intercepting super constructor calls.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-plugin/script-security: sandbox bypass via sandbox-defined classes", title: "Vulnerability summary", }, { category: "other", text: "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a process being able to access resources outside an assigned sandbox.\n\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include exploiting specially crafted constructor bodies, utilizing certain groovy classes.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-34145", }, { category: "external", summary: "RHBZ#2278821", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2278821", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-34145", url: "https://www.cve.org/CVERecord?id=CVE-2024-34145", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-34145", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-34145", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/05/02/3", url: "http://www.openwall.com/lists/oss-security/2024/05/02/3", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", url: "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", }, ], release_date: "2024-05-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-07-17T18:49:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4597", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jenkins-plugin/script-security: sandbox bypass via sandbox-defined classes", }, ], }
RHSA-2024:3636
Vulnerability from csaf_redhat
Published
2024-06-05 14:46
Modified
2025-03-14 10:17
Summary
Red Hat Security Advisory: Red Hat Product OCP Tools 4.13 OpenShift Jenkins security update
Notes
Topic
An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Jenkins is a continuous integration server that monitors the execution of
recurring jobs, such as software builds or cron jobs.
Security fixes:
* jenkins-2-plugins: Git-server plugin has an arbitrary file read
vulnerability (CVE-2024-23899)
* jenkins-plugin/script-security: Sandbox bypass occurs via crafted
constructor bodies (CVE-2024-34144)
* jenkins-plugin/script-security: Sandbox bypass occurs via sandbox-defined
classes (CVE-2024-34145)
* jenkins-2-plugins: HTML Publisher plugin has improper input sanitization
(CVE-2024-28149)
* jetty: Stops accepting new connections from valid clients
(CVE-2024-22201)
* SSH: Prefix truncation attack on Binary Packet Protocol (BPP)
(CVE-2023-48795)
* golang-protobuf: Unmarshaling certain forms of invalid JSON in the
protojson.Unmarshal function causes an infinite loop in the
encoding/protojson and internal/encoding/json packages of Golang-protobuf
(CVE-2024-24786).
* jenkins-2-plugins: Matrix-project plugin has a path traversal
vulnerability (CVE-2024-23900)
For more details about these security issues, including their impact, CVSS
scores, acknowledgments, and other related information, refer to the CVE
page listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Jenkins is a continuous integration server that monitors the execution of\nrecurring jobs, such as software builds or cron jobs.\n\nSecurity fixes:\n\n* jenkins-2-plugins: Git-server plugin has an arbitrary file read\nvulnerability (CVE-2024-23899)\n\n* jenkins-plugin/script-security: Sandbox bypass occurs via crafted\nconstructor bodies (CVE-2024-34144)\n\n* jenkins-plugin/script-security: Sandbox bypass occurs via sandbox-defined\nclasses (CVE-2024-34145)\n\n* jenkins-2-plugins: HTML Publisher plugin has improper input sanitization\n(CVE-2024-28149)\n\n* jetty: Stops accepting new connections from valid clients\n(CVE-2024-22201)\n\n* SSH: Prefix truncation attack on Binary Packet Protocol (BPP)\n(CVE-2023-48795)\n\n* golang-protobuf: Unmarshaling certain forms of invalid JSON in the\nprotojson.Unmarshal function causes an infinite loop in the\nencoding/protojson and internal/encoding/json packages of Golang-protobuf\n(CVE-2024-24786).\n\n* jenkins-2-plugins: Matrix-project plugin has a path traversal\nvulnerability (CVE-2024-23900)\n\nFor more details about these security issues, including their impact, CVSS\nscores, acknowledgments, and other related information, refer to the CVE\npage listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:3636", url: "https://access.redhat.com/errata/RHSA-2024:3636", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2254210", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", }, { category: "external", summary: "2260183", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2260183", }, { category: "external", summary: "2260184", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2260184", }, { category: "external", summary: "2266136", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2266136", }, { category: "external", summary: "2268046", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268046", }, { category: "external", summary: "2268227", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268227", }, { category: "external", summary: "2278820", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2278820", }, { category: "external", summary: "2278821", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2278821", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3636.json", }, ], title: "Red Hat Security Advisory: Red Hat Product OCP Tools 4.13 OpenShift Jenkins security update", tracking: { current_release_date: "2025-03-14T10:17:58+00:00", generator: { date: "2025-03-14T10:17:58+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2024:3636", initial_release_date: "2024-06-05T14:46:12+00:00", revision_history: [ { date: "2024-06-05T14:46:12+00:00", number: "1", summary: "Initial version", }, { date: "2024-06-05T14:46:12+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-14T10:17:58+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "OpenShift Developer Tools and Services for OCP 4.13", product: { name: "OpenShift Developer Tools and Services for OCP 4.13", product_id: "8Base-OCP-Tools-4.13", product_identification_helper: { cpe: "cpe:/a:redhat:ocp_tools:4.13::el8", }, }, }, ], category: "product_family", name: "OpenShift Jenkins", }, { branches: [ { category: "product_version", name: "jenkins-0:2.440.3.1716445150-3.el8.src", product: { name: "jenkins-0:2.440.3.1716445150-3.el8.src", product_id: "jenkins-0:2.440.3.1716445150-3.el8.src", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins@2.440.3.1716445150-3.el8?arch=src", }, }, }, { category: "product_version", name: "jenkins-2-plugins-0:4.13.1716445207-1.el8.src", product: { name: "jenkins-2-plugins-0:4.13.1716445207-1.el8.src", product_id: "jenkins-2-plugins-0:4.13.1716445207-1.el8.src", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins-2-plugins@4.13.1716445207-1.el8?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "jenkins-0:2.440.3.1716445150-3.el8.noarch", product: { name: "jenkins-0:2.440.3.1716445150-3.el8.noarch", product_id: "jenkins-0:2.440.3.1716445150-3.el8.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins@2.440.3.1716445150-3.el8?arch=noarch", }, }, }, { category: "product_version", name: "jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", product: { name: "jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", product_id: "jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins-2-plugins@4.13.1716445207-1.el8?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "jenkins-0:2.440.3.1716445150-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.13", product_id: "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", }, product_reference: "jenkins-0:2.440.3.1716445150-3.el8.noarch", relates_to_product_reference: "8Base-OCP-Tools-4.13", }, { category: "default_component_of", full_product_name: { name: "jenkins-0:2.440.3.1716445150-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.13", product_id: "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", }, product_reference: "jenkins-0:2.440.3.1716445150-3.el8.src", relates_to_product_reference: "8Base-OCP-Tools-4.13", }, { category: "default_component_of", full_product_name: { name: "jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.13", product_id: "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", }, product_reference: "jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", relates_to_product_reference: "8Base-OCP-Tools-4.13", }, { category: "default_component_of", full_product_name: { name: "jenkins-2-plugins-0:4.13.1716445207-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.13", product_id: "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", }, product_reference: "jenkins-2-plugins-0:4.13.1716445207-1.el8.src", relates_to_product_reference: "8Base-OCP-Tools-4.13", }, ], }, vulnerabilities: [ { cve: "CVE-2023-48795", cwe: { id: "CWE-222", name: "Truncation of Security-relevant Information", }, discovery_date: "2023-12-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2254210", }, ], notes: [ { category: "description", text: "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", title: "Vulnerability description", }, { category: "summary", text: "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)", title: "Vulnerability summary", }, { category: "other", text: "This CVE is classified as moderate because the attack requires an active Man-in-the-Middle (MITM) who can intercept and modify the connection's traffic at the TCP/IP layer.\n\nAlthough the attack is cryptographically innovative, its security impact is fortunately quite limited. It only allows the deletion of consecutive messages, and deleting most messages at this protocol stage prevents user authentication from proceeding, leading to a stalled connection.\n\nThe most significant identified impact is that it enables a MITM to delete the SSH2_MSG_EXT_INFO message sent before authentication begins. This allows the attacker to disable a subset of keystroke timing obfuscation features. However, there is no other observable impact on session secrecy or session integrity.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-48795", }, { category: "external", summary: "RHBZ#2254210", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-48795", url: "https://www.cve.org/CVERecord?id=CVE-2023-48795", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", }, { category: "external", summary: "https://access.redhat.com/solutions/7071748", url: "https://access.redhat.com/solutions/7071748", }, { category: "external", summary: "https://terrapin-attack.com/", url: "https://terrapin-attack.com/", }, ], release_date: "2023-12-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:46:12+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3636", }, { category: "workaround", details: "Update to the last version and check that client and server provide kex pseudo-algorithms indicating usage of the updated version of the protocol which is protected from the attack. If \"kex-strict-c-v00@openssh.com\" is provided by clients and \"kex-strict-s-v00@openssh.com\" is in the server's reply, no other steps are necessary.\n\nDisabling ciphers if necessary:\n\nIf \"kex-strict-c-v00@openssh.com\" is not provided by clients or \"kex-strict-s-v00@openssh.com\" is absent in the server's reply, you can disable the following ciphers and HMACs as a workaround on RHEL-8 and RHEL-9:\n\n1. chacha20-poly1305@openssh.com\n2. hmac-sha2-512-etm@openssh.com\n3. hmac-sha2-256-etm@openssh.com\n4. hmac-sha1-etm@openssh.com\n5. hmac-md5-etm@openssh.com\n\nTo do that through crypto-policies, one can apply a subpolicy with the following content:\n```\ncipher@SSH = -CHACHA20-POLY1305\nssh_etm = 0\n```\ne.g., by putting these lines into `/etc/crypto-policies/policies/modules/CVE-2023-48795.pmod`, applying the resulting subpolicy with `update-crypto-policies --set $(update-crypto-policies --show):CVE-2023-48795` and restarting openssh server.\n\nOne can verify that the changes are in effect by ensuring the ciphers listed above are missing from both `/etc/crypto-policies/back-ends/openssh.config` and `/etc/crypto-policies/back-ends/opensshserver.config`.\n\nFor more details on using crypto-policies, please refer to https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening\n\nNote that this procedure does limit the interoperability of the host and is only suggested as a temporary mitigation until the issue is fully resolved with an update.\n\nFor RHEL-7: \nWe can recommend to use strict MACs and Ciphers on RHEL7 in both files /etc/ssh/ssh_config and /etc/ssh/sshd_config.\n\nBelow strict set of Ciphers and MACs can be used as mitigation for RHEL 7.\n\n```\nCiphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\nMACs umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512\n```\n\n- For Openshift Container Platform 4:\nPlease refer the KCS[1] document for verifying the fix in RHCOS.\n\n[1] https://access.redhat.com/solutions/7071748", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)", }, { cve: "CVE-2024-22201", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-02-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2266136", }, ], notes: [ { category: "description", text: "A flaw was found in Jetty, a Java based web server and servlet engine. If an HTTP/2 connection gets TCP congested, it remains open and idle, and connections may be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients.", title: "Vulnerability description", }, { category: "summary", text: "jetty: stop accepting new connections from valid clients", title: "Vulnerability summary", }, { category: "other", text: "The issue in Jetty where HTTP/2 connections can enter a congested, idle state and potentially exhaust server file descriptors represents a moderate severity due to its impact on system resources and service availability. While the vulnerability requires the deliberate creation of numerous congested connections by an attacker, its exploitation can lead to denial-of-service conditions by consuming all available file descriptors. This scenario could disrupt legitimate client connections and impair server responsiveness.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-22201", }, { category: "external", summary: "RHBZ#2266136", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2266136", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-22201", url: "https://www.cve.org/CVERecord?id=CVE-2024-22201", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-22201", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-22201", }, { category: "external", summary: "https://github.com/jetty/jetty.project/issues/11256", url: "https://github.com/jetty/jetty.project/issues/11256", }, { category: "external", summary: "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98", url: "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98", }, ], release_date: "2024-02-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:46:12+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3636", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jetty: stop accepting new connections from valid clients", }, { cve: "CVE-2024-23899", cwe: { id: "CWE-88", name: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", }, discovery_date: "2024-01-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2260183", }, ], notes: [ { category: "description", text: "A flaw was found in the Git Server Plugin for Jenkins. This issue could allow an attacker to read the first two lines of arbitrary files on the server's file system.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-2-plugins: git-server plugin arbitrary file read vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-23899", }, { category: "external", summary: "RHBZ#2260183", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2260183", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-23899", url: "https://www.cve.org/CVERecord?id=CVE-2024-23899", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-23899", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-23899", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/01/24/6", url: "http://www.openwall.com/lists/oss-security/2024/01/24/6", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319", url: "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319", }, ], release_date: "2024-01-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:46:12+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3636", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jenkins-2-plugins: git-server plugin arbitrary file read vulnerability", }, { cve: "CVE-2024-23900", cwe: { id: "CWE-23", name: "Relative Path Traversal", }, discovery_date: "2024-01-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2260184", }, ], notes: [ { category: "description", text: "A flaw was found in The Matrix Project Plugin for Jenkins, which does not sanitize user-defined axis names of multi-configuration projects submitted through the config.xml REST API endpoint. This issue may allow attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system with content not controllable by the attackers.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-2-plugins: matrix-project plugin path traversal vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-23900", }, { category: "external", summary: "RHBZ#2260184", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2260184", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-23900", url: "https://www.cve.org/CVERecord?id=CVE-2024-23900", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-23900", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-23900", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/01/24/6", url: "http://www.openwall.com/lists/oss-security/2024/01/24/6", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3289", url: "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3289", }, ], release_date: "2024-01-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:46:12+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3636", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", version: "3.1", }, products: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jenkins-2-plugins: matrix-project plugin path traversal vulnerability", }, { cve: "CVE-2024-24786", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, discovery_date: "2024-03-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2268046", }, ], notes: [ { category: "description", text: "A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. This flaw allows an attacker to craft malicious input tailored to trigger the identified flaw in the unmarshal function. By providing carefully constructed invalid inputs, they could potentially cause the function to enter an infinite loop, resulting in a denial of service condition or other unintended behaviors in the affected system.", title: "Vulnerability description", }, { category: "summary", text: "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-24786", }, { category: "external", summary: "RHBZ#2268046", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268046", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-24786", url: "https://www.cve.org/CVERecord?id=CVE-2024-24786", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-24786", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-24786", }, { category: "external", summary: "https://go.dev/cl/569356", url: "https://go.dev/cl/569356", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/", url: "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/", }, { category: "external", summary: "https://pkg.go.dev/vuln/GO-2024-2611", url: "https://pkg.go.dev/vuln/GO-2024-2611", }, ], release_date: "2024-03-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:46:12+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3636", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON", }, { cve: "CVE-2024-28149", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2024-03-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2268227", }, ], notes: [ { category: "description", text: "A flaw was found in jenkins-2-plugins. In the HTML Publisher Plugin 1.16 through 1.32, fallback for reports created in HTML Publisher Plugin 1.15 and earlier does not properly sanitize input. This can allow attackers with Item/Configure permissions to implement stored cross-site scripting (XSS) attacks and determine whether a path on the Jenkins controller file system exists, without being able to access it.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin", title: "Vulnerability summary", }, { category: "other", text: "HTML Publisher Plugin 1.32.1 removes support for reports created before HTML Publisher Plugin 1.15. Those reports are retained on the disk, but may no longer be accessible through the Jenkins UI.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-28149", }, { category: "external", summary: "RHBZ#2268227", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268227", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-28149", url: "https://www.cve.org/CVERecord?id=CVE-2024-28149", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-28149", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-28149", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3301", url: "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3301", }, ], release_date: "2024-03-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:46:12+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3636", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin", }, { cve: "CVE-2024-34144", cwe: { id: "CWE-693", name: "Protection Mechanism Failure", }, discovery_date: "2024-05-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2278820", }, ], notes: [ { category: "description", text: "A sandbox bypass vulnerability was found in the Jenkins Script Security Plugin involving crafted constructor bodies, enabling the circumvention of security restrictions. With crafted constructor bodies, this flaw allows authenticated attackers to define and execute sandboxed scripts, including Pipelines, bypassing sandbox protection mechanisms and executing arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe Script Security Plugin features a sandbox functionality designed to enable users with limited privileges to create scripts, including Pipelines, which are generally safe for execution. This security mechanism intercepts calls within sandboxed scripts, referencing various allowlists to decide whether these calls should be permitted.\r\n\r\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include:\r\n\r\n- Exploiting crafted constructor bodies that trigger other constructors, thereby allowing the construction of any subclassable type through implicit casts.\r\n- Utilizing Groovy classes defined within the sandbox that overshadow certain non-sandboxed classes, facilitating the creation of any subclassable type.\r\n\r\nThese vulnerabilities enable attackers, who have the permission to create and execute sandboxed scripts including Pipelines, to circumvent sandbox protections and execute arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe fixed version of this script incorporates enhanced restrictions and sanity checks. These improvements ensure that calls to super constructors are intercepted by the sandbox, including:\r\n\r\n- Ensuring that calls to other constructors via 'this' are now appropriately managed within the sandbox.\r\n- No longer overlooking classes in packages that may be overshadowed by Groovy-defined classes when intercepting super constructor calls.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-plugin/script-security: sandbox bypass via crafted constructor bodies", title: "Vulnerability summary", }, { category: "other", text: "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a process being able to access resources outside an assigned sandbox.\n\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include exploiting specially crafted constructor bodies, utilizing certain groovy classes.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-34144", }, { category: "external", summary: "RHBZ#2278820", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2278820", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-34144", url: "https://www.cve.org/CVERecord?id=CVE-2024-34144", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-34144", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-34144", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/05/02/3", url: "http://www.openwall.com/lists/oss-security/2024/05/02/3", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", url: "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", }, ], release_date: "2024-05-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:46:12+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3636", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jenkins-plugin/script-security: sandbox bypass via crafted constructor bodies", }, { cve: "CVE-2024-34145", cwe: { id: "CWE-693", name: "Protection Mechanism Failure", }, discovery_date: "2024-05-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2278821", }, ], notes: [ { category: "description", text: "A sandbox bypass vulnerability was found in the Jenkins Script Security Plugin within the sandbox-defined classes, enabling the circumvention of security restrictions. This flaw allows authenticated attackers to define and execute sandboxed scripts, including Pipelines, bypassing sandbox protection mechanisms and executing arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe Script Security Plugin features a sandbox functionality designed to enable users with limited privileges to create scripts, including Pipelines, which are generally safe for execution. This security mechanism intercepts calls within sandboxed scripts, referencing various allowlists to decide whether these calls should be permitted.\r\n\r\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include:\r\n\r\n- Exploiting crafted constructor bodies that trigger other constructors, thereby allowing the construction of any subclassable type through implicit casts.\r\n- Utilizing Groovy classes defined within the sandbox that overshadow certain non-sandboxed classes, facilitating the creation of any subclassable type.\r\n\r\nThese vulnerabilities enable attackers, who have the permission to create and execute sandboxed scripts including Pipelines, to circumvent sandbox protections and execute arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe fixed version of this script incorporates enhanced restrictions and sanity checks. These improvements ensure that calls to super constructors are intercepted by the sandbox, including:\r\n\r\n- Ensuring that calls to other constructors via 'this' are now appropriately managed within the sandbox.\r\n- No longer overlooking classes in packages that may be overshadowed by Groovy-defined classes when intercepting super constructor calls.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-plugin/script-security: sandbox bypass via sandbox-defined classes", title: "Vulnerability summary", }, { category: "other", text: "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a process being able to access resources outside an assigned sandbox.\n\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include exploiting specially crafted constructor bodies, utilizing certain groovy classes.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-34145", }, { category: "external", summary: "RHBZ#2278821", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2278821", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-34145", url: "https://www.cve.org/CVERecord?id=CVE-2024-34145", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-34145", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-34145", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/05/02/3", url: "http://www.openwall.com/lists/oss-security/2024/05/02/3", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", url: "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", }, ], release_date: "2024-05-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:46:12+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3636", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jenkins-plugin/script-security: sandbox bypass via sandbox-defined classes", }, ], }
RHSA-2024:3635
Vulnerability from csaf_redhat
Published
2024-06-05 14:47
Modified
2025-03-14 10:17
Summary
Red Hat Security Advisory: Red Hat Product OCP Tools 4.12 Openshift Jenkins security update
Notes
Topic
An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.12. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Jenkins is a continuous integration server that monitors the execution of recurring jobs, such as software builds or cron jobs.
Security fixes:
* jenkins-2-plugins: Git-server plugin has an arbitrary file read vulnerability (CVE-2024-23899)
* jenkins-plugin/script-security: Sandbox bypass occurs via crafted constructor bodies (CVE-2024-34144)
* jenkins-plugin/script-security: Sandbox bypass occurs via sandbox-defined classes (CVE-2024-34145)
* jenkins-2-plugins: HTML Publisher plugin has improper input sanitization (CVE-2024-28149)
* Jetty: Stops accepting new connections from valid clients (CVE-2024-22201)
* SSH: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)
* golang-protobuf: Unmarshaling certain forms of invalid JSON in the protojson.Unmarshal function causes an infinite loop in the encoding/protojson and internal/encoding/json packages of Golang-protobuf (CVE-2024-24786)
* jenkins-2-plugins: Matrix-project plugin has a path traversal vulnerability (CVE-2024-23900)
For more details about these security issues, including their impact, CVSS scores, acknowledgments, and other related information, refer to the CVE page listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.12. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Jenkins is a continuous integration server that monitors the execution of recurring jobs, such as software builds or cron jobs.\n\nSecurity fixes:\n\n* jenkins-2-plugins: Git-server plugin has an arbitrary file read vulnerability (CVE-2024-23899)\n\n* jenkins-plugin/script-security: Sandbox bypass occurs via crafted constructor bodies (CVE-2024-34144)\n\n* jenkins-plugin/script-security: Sandbox bypass occurs via sandbox-defined classes (CVE-2024-34145)\n\n* jenkins-2-plugins: HTML Publisher plugin has improper input sanitization (CVE-2024-28149)\n\n* Jetty: Stops accepting new connections from valid clients (CVE-2024-22201)\n\n* SSH: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)\n\n* golang-protobuf: Unmarshaling certain forms of invalid JSON in the protojson.Unmarshal function causes an infinite loop in the encoding/protojson and internal/encoding/json packages of Golang-protobuf (CVE-2024-24786)\n\n* jenkins-2-plugins: Matrix-project plugin has a path traversal vulnerability (CVE-2024-23900)\n\nFor more details about these security issues, including their impact, CVSS scores, acknowledgments, and other related information, refer to the CVE page listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:3635", url: "https://access.redhat.com/errata/RHSA-2024:3635", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2254210", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", }, { category: "external", summary: "2260183", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2260183", }, { category: "external", summary: "2260184", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2260184", }, { category: "external", summary: "2266136", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2266136", }, { category: "external", summary: "2268046", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268046", }, { category: "external", summary: "2268227", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268227", }, { category: "external", summary: "2278820", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2278820", }, { category: "external", summary: "2278821", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2278821", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3635.json", }, ], title: "Red Hat Security Advisory: Red Hat Product OCP Tools 4.12 Openshift Jenkins security update", tracking: { current_release_date: "2025-03-14T10:17:47+00:00", generator: { date: "2025-03-14T10:17:47+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2024:3635", initial_release_date: "2024-06-05T14:47:22+00:00", revision_history: [ { date: "2024-06-05T14:47:22+00:00", number: "1", summary: "Initial version", }, { date: "2024-06-05T14:47:22+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-14T10:17:47+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "OpenShift Developer Tools and Services for OCP 4.12", product: { name: "OpenShift Developer Tools and Services for OCP 4.12", product_id: "8Base-OCP-Tools-4.12", product_identification_helper: { cpe: "cpe:/a:redhat:ocp_tools:4.12::el8", }, }, }, ], category: "product_family", name: "OpenShift Jenkins", }, { branches: [ { category: "product_version", name: "jenkins-0:2.440.3.1716445200-3.el8.src", product: { name: "jenkins-0:2.440.3.1716445200-3.el8.src", product_id: "jenkins-0:2.440.3.1716445200-3.el8.src", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins@2.440.3.1716445200-3.el8?arch=src", }, }, }, { category: "product_version", name: "jenkins-2-plugins-0:4.12.1716445211-1.el8.src", product: { name: "jenkins-2-plugins-0:4.12.1716445211-1.el8.src", product_id: "jenkins-2-plugins-0:4.12.1716445211-1.el8.src", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins-2-plugins@4.12.1716445211-1.el8?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "jenkins-0:2.440.3.1716445200-3.el8.noarch", product: { name: "jenkins-0:2.440.3.1716445200-3.el8.noarch", product_id: "jenkins-0:2.440.3.1716445200-3.el8.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins@2.440.3.1716445200-3.el8?arch=noarch", }, }, }, { category: "product_version", name: "jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", product: { name: "jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", product_id: "jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins-2-plugins@4.12.1716445211-1.el8?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "jenkins-0:2.440.3.1716445200-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.12", product_id: "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", }, product_reference: "jenkins-0:2.440.3.1716445200-3.el8.noarch", relates_to_product_reference: "8Base-OCP-Tools-4.12", }, { category: "default_component_of", full_product_name: { name: "jenkins-0:2.440.3.1716445200-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.12", product_id: "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", }, product_reference: "jenkins-0:2.440.3.1716445200-3.el8.src", relates_to_product_reference: "8Base-OCP-Tools-4.12", }, { category: "default_component_of", full_product_name: { name: "jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.12", product_id: "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", }, product_reference: "jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", relates_to_product_reference: "8Base-OCP-Tools-4.12", }, { category: "default_component_of", full_product_name: { name: "jenkins-2-plugins-0:4.12.1716445211-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.12", product_id: "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", }, product_reference: "jenkins-2-plugins-0:4.12.1716445211-1.el8.src", relates_to_product_reference: "8Base-OCP-Tools-4.12", }, ], }, vulnerabilities: [ { cve: "CVE-2023-48795", cwe: { id: "CWE-222", name: "Truncation of Security-relevant Information", }, discovery_date: "2023-12-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2254210", }, ], notes: [ { category: "description", text: "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", title: "Vulnerability description", }, { category: "summary", text: "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)", title: "Vulnerability summary", }, { category: "other", text: "This CVE is classified as moderate because the attack requires an active Man-in-the-Middle (MITM) who can intercept and modify the connection's traffic at the TCP/IP layer.\n\nAlthough the attack is cryptographically innovative, its security impact is fortunately quite limited. It only allows the deletion of consecutive messages, and deleting most messages at this protocol stage prevents user authentication from proceeding, leading to a stalled connection.\n\nThe most significant identified impact is that it enables a MITM to delete the SSH2_MSG_EXT_INFO message sent before authentication begins. This allows the attacker to disable a subset of keystroke timing obfuscation features. However, there is no other observable impact on session secrecy or session integrity.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-48795", }, { category: "external", summary: "RHBZ#2254210", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-48795", url: "https://www.cve.org/CVERecord?id=CVE-2023-48795", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", }, { category: "external", summary: "https://access.redhat.com/solutions/7071748", url: "https://access.redhat.com/solutions/7071748", }, { category: "external", summary: "https://terrapin-attack.com/", url: "https://terrapin-attack.com/", }, ], release_date: "2023-12-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:47:22+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3635", }, { category: "workaround", details: "Update to the last version and check that client and server provide kex pseudo-algorithms indicating usage of the updated version of the protocol which is protected from the attack. If \"kex-strict-c-v00@openssh.com\" is provided by clients and \"kex-strict-s-v00@openssh.com\" is in the server's reply, no other steps are necessary.\n\nDisabling ciphers if necessary:\n\nIf \"kex-strict-c-v00@openssh.com\" is not provided by clients or \"kex-strict-s-v00@openssh.com\" is absent in the server's reply, you can disable the following ciphers and HMACs as a workaround on RHEL-8 and RHEL-9:\n\n1. chacha20-poly1305@openssh.com\n2. hmac-sha2-512-etm@openssh.com\n3. hmac-sha2-256-etm@openssh.com\n4. hmac-sha1-etm@openssh.com\n5. hmac-md5-etm@openssh.com\n\nTo do that through crypto-policies, one can apply a subpolicy with the following content:\n```\ncipher@SSH = -CHACHA20-POLY1305\nssh_etm = 0\n```\ne.g., by putting these lines into `/etc/crypto-policies/policies/modules/CVE-2023-48795.pmod`, applying the resulting subpolicy with `update-crypto-policies --set $(update-crypto-policies --show):CVE-2023-48795` and restarting openssh server.\n\nOne can verify that the changes are in effect by ensuring the ciphers listed above are missing from both `/etc/crypto-policies/back-ends/openssh.config` and `/etc/crypto-policies/back-ends/opensshserver.config`.\n\nFor more details on using crypto-policies, please refer to https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening\n\nNote that this procedure does limit the interoperability of the host and is only suggested as a temporary mitigation until the issue is fully resolved with an update.\n\nFor RHEL-7: \nWe can recommend to use strict MACs and Ciphers on RHEL7 in both files /etc/ssh/ssh_config and /etc/ssh/sshd_config.\n\nBelow strict set of Ciphers and MACs can be used as mitigation for RHEL 7.\n\n```\nCiphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\nMACs umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512\n```\n\n- For Openshift Container Platform 4:\nPlease refer the KCS[1] document for verifying the fix in RHCOS.\n\n[1] https://access.redhat.com/solutions/7071748", product_ids: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)", }, { cve: "CVE-2024-22201", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-02-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2266136", }, ], notes: [ { category: "description", text: "A flaw was found in Jetty, a Java based web server and servlet engine. If an HTTP/2 connection gets TCP congested, it remains open and idle, and connections may be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients.", title: "Vulnerability description", }, { category: "summary", text: "jetty: stop accepting new connections from valid clients", title: "Vulnerability summary", }, { category: "other", text: "The issue in Jetty where HTTP/2 connections can enter a congested, idle state and potentially exhaust server file descriptors represents a moderate severity due to its impact on system resources and service availability. While the vulnerability requires the deliberate creation of numerous congested connections by an attacker, its exploitation can lead to denial-of-service conditions by consuming all available file descriptors. This scenario could disrupt legitimate client connections and impair server responsiveness.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-22201", }, { category: "external", summary: "RHBZ#2266136", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2266136", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-22201", url: "https://www.cve.org/CVERecord?id=CVE-2024-22201", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-22201", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-22201", }, { category: "external", summary: "https://github.com/jetty/jetty.project/issues/11256", url: "https://github.com/jetty/jetty.project/issues/11256", }, { category: "external", summary: "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98", url: "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98", }, ], release_date: "2024-02-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:47:22+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3635", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jetty: stop accepting new connections from valid clients", }, { cve: "CVE-2024-23899", cwe: { id: "CWE-88", name: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", }, discovery_date: "2024-01-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2260183", }, ], notes: [ { category: "description", text: "A flaw was found in the Git Server Plugin for Jenkins. This issue could allow an attacker to read the first two lines of arbitrary files on the server's file system.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-2-plugins: git-server plugin arbitrary file read vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-23899", }, { category: "external", summary: "RHBZ#2260183", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2260183", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-23899", url: "https://www.cve.org/CVERecord?id=CVE-2024-23899", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-23899", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-23899", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/01/24/6", url: "http://www.openwall.com/lists/oss-security/2024/01/24/6", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319", url: "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319", }, ], release_date: "2024-01-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:47:22+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3635", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jenkins-2-plugins: git-server plugin arbitrary file read vulnerability", }, { cve: "CVE-2024-23900", cwe: { id: "CWE-23", name: "Relative Path Traversal", }, discovery_date: "2024-01-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2260184", }, ], notes: [ { category: "description", text: "A flaw was found in The Matrix Project Plugin for Jenkins, which does not sanitize user-defined axis names of multi-configuration projects submitted through the config.xml REST API endpoint. This issue may allow attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system with content not controllable by the attackers.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-2-plugins: matrix-project plugin path traversal vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-23900", }, { category: "external", summary: "RHBZ#2260184", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2260184", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-23900", url: "https://www.cve.org/CVERecord?id=CVE-2024-23900", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-23900", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-23900", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/01/24/6", url: "http://www.openwall.com/lists/oss-security/2024/01/24/6", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3289", url: "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3289", }, ], release_date: "2024-01-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:47:22+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3635", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", version: "3.1", }, products: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jenkins-2-plugins: matrix-project plugin path traversal vulnerability", }, { cve: "CVE-2024-24786", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, discovery_date: "2024-03-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2268046", }, ], notes: [ { category: "description", text: "A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. This flaw allows an attacker to craft malicious input tailored to trigger the identified flaw in the unmarshal function. By providing carefully constructed invalid inputs, they could potentially cause the function to enter an infinite loop, resulting in a denial of service condition or other unintended behaviors in the affected system.", title: "Vulnerability description", }, { category: "summary", text: "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-24786", }, { category: "external", summary: "RHBZ#2268046", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268046", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-24786", url: "https://www.cve.org/CVERecord?id=CVE-2024-24786", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-24786", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-24786", }, { category: "external", summary: "https://go.dev/cl/569356", url: "https://go.dev/cl/569356", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/", url: "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/", }, { category: "external", summary: "https://pkg.go.dev/vuln/GO-2024-2611", url: "https://pkg.go.dev/vuln/GO-2024-2611", }, ], release_date: "2024-03-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:47:22+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3635", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON", }, { cve: "CVE-2024-28149", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2024-03-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2268227", }, ], notes: [ { category: "description", text: "A flaw was found in jenkins-2-plugins. In the HTML Publisher Plugin 1.16 through 1.32, fallback for reports created in HTML Publisher Plugin 1.15 and earlier does not properly sanitize input. This can allow attackers with Item/Configure permissions to implement stored cross-site scripting (XSS) attacks and determine whether a path on the Jenkins controller file system exists, without being able to access it.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin", title: "Vulnerability summary", }, { category: "other", text: "HTML Publisher Plugin 1.32.1 removes support for reports created before HTML Publisher Plugin 1.15. Those reports are retained on the disk, but may no longer be accessible through the Jenkins UI.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-28149", }, { category: "external", summary: "RHBZ#2268227", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268227", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-28149", url: "https://www.cve.org/CVERecord?id=CVE-2024-28149", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-28149", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-28149", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3301", url: "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3301", }, ], release_date: "2024-03-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:47:22+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3635", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin", }, { cve: "CVE-2024-34144", cwe: { id: "CWE-693", name: "Protection Mechanism Failure", }, discovery_date: "2024-05-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2278820", }, ], notes: [ { category: "description", text: "A sandbox bypass vulnerability was found in the Jenkins Script Security Plugin involving crafted constructor bodies, enabling the circumvention of security restrictions. With crafted constructor bodies, this flaw allows authenticated attackers to define and execute sandboxed scripts, including Pipelines, bypassing sandbox protection mechanisms and executing arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe Script Security Plugin features a sandbox functionality designed to enable users with limited privileges to create scripts, including Pipelines, which are generally safe for execution. This security mechanism intercepts calls within sandboxed scripts, referencing various allowlists to decide whether these calls should be permitted.\r\n\r\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include:\r\n\r\n- Exploiting crafted constructor bodies that trigger other constructors, thereby allowing the construction of any subclassable type through implicit casts.\r\n- Utilizing Groovy classes defined within the sandbox that overshadow certain non-sandboxed classes, facilitating the creation of any subclassable type.\r\n\r\nThese vulnerabilities enable attackers, who have the permission to create and execute sandboxed scripts including Pipelines, to circumvent sandbox protections and execute arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe fixed version of this script incorporates enhanced restrictions and sanity checks. These improvements ensure that calls to super constructors are intercepted by the sandbox, including:\r\n\r\n- Ensuring that calls to other constructors via 'this' are now appropriately managed within the sandbox.\r\n- No longer overlooking classes in packages that may be overshadowed by Groovy-defined classes when intercepting super constructor calls.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-plugin/script-security: sandbox bypass via crafted constructor bodies", title: "Vulnerability summary", }, { category: "other", text: "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a process being able to access resources outside an assigned sandbox.\n\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include exploiting specially crafted constructor bodies, utilizing certain groovy classes.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-34144", }, { category: "external", summary: "RHBZ#2278820", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2278820", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-34144", url: "https://www.cve.org/CVERecord?id=CVE-2024-34144", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-34144", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-34144", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/05/02/3", url: "http://www.openwall.com/lists/oss-security/2024/05/02/3", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", url: "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", }, ], release_date: "2024-05-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:47:22+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3635", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jenkins-plugin/script-security: sandbox bypass via crafted constructor bodies", }, { cve: "CVE-2024-34145", cwe: { id: "CWE-693", name: "Protection Mechanism Failure", }, discovery_date: "2024-05-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2278821", }, ], notes: [ { category: "description", text: "A sandbox bypass vulnerability was found in the Jenkins Script Security Plugin within the sandbox-defined classes, enabling the circumvention of security restrictions. This flaw allows authenticated attackers to define and execute sandboxed scripts, including Pipelines, bypassing sandbox protection mechanisms and executing arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe Script Security Plugin features a sandbox functionality designed to enable users with limited privileges to create scripts, including Pipelines, which are generally safe for execution. This security mechanism intercepts calls within sandboxed scripts, referencing various allowlists to decide whether these calls should be permitted.\r\n\r\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include:\r\n\r\n- Exploiting crafted constructor bodies that trigger other constructors, thereby allowing the construction of any subclassable type through implicit casts.\r\n- Utilizing Groovy classes defined within the sandbox that overshadow certain non-sandboxed classes, facilitating the creation of any subclassable type.\r\n\r\nThese vulnerabilities enable attackers, who have the permission to create and execute sandboxed scripts including Pipelines, to circumvent sandbox protections and execute arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe fixed version of this script incorporates enhanced restrictions and sanity checks. These improvements ensure that calls to super constructors are intercepted by the sandbox, including:\r\n\r\n- Ensuring that calls to other constructors via 'this' are now appropriately managed within the sandbox.\r\n- No longer overlooking classes in packages that may be overshadowed by Groovy-defined classes when intercepting super constructor calls.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-plugin/script-security: sandbox bypass via sandbox-defined classes", title: "Vulnerability summary", }, { category: "other", text: "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a process being able to access resources outside an assigned sandbox.\n\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include exploiting specially crafted constructor bodies, utilizing certain groovy classes.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-34145", }, { category: "external", summary: "RHBZ#2278821", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2278821", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-34145", url: "https://www.cve.org/CVERecord?id=CVE-2024-34145", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-34145", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-34145", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/05/02/3", url: "http://www.openwall.com/lists/oss-security/2024/05/02/3", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", url: "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", }, ], release_date: "2024-05-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:47:22+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3635", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jenkins-plugin/script-security: sandbox bypass via sandbox-defined classes", }, ], }
rhsa-2024_3636
Vulnerability from csaf_redhat
Published
2024-06-05 14:46
Modified
2025-01-06 19:42
Summary
Red Hat Security Advisory: Red Hat Product OCP Tools 4.13 OpenShift Jenkins security update
Notes
Topic
An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Jenkins is a continuous integration server that monitors the execution of
recurring jobs, such as software builds or cron jobs.
Security fixes:
* jenkins-2-plugins: Git-server plugin has an arbitrary file read
vulnerability (CVE-2024-23899)
* jenkins-plugin/script-security: Sandbox bypass occurs via crafted
constructor bodies (CVE-2024-34144)
* jenkins-plugin/script-security: Sandbox bypass occurs via sandbox-defined
classes (CVE-2024-34145)
* jenkins-2-plugins: HTML Publisher plugin has improper input sanitization
(CVE-2024-28149)
* jetty: Stops accepting new connections from valid clients
(CVE-2024-22201)
* SSH: Prefix truncation attack on Binary Packet Protocol (BPP)
(CVE-2023-48795)
* golang-protobuf: Unmarshaling certain forms of invalid JSON in the
protojson.Unmarshal function causes an infinite loop in the
encoding/protojson and internal/encoding/json packages of Golang-protobuf
(CVE-2024-24786).
* jenkins-2-plugins: Matrix-project plugin has a path traversal
vulnerability (CVE-2024-23900)
For more details about these security issues, including their impact, CVSS
scores, acknowledgments, and other related information, refer to the CVE
page listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Jenkins is a continuous integration server that monitors the execution of\nrecurring jobs, such as software builds or cron jobs.\n\nSecurity fixes:\n\n* jenkins-2-plugins: Git-server plugin has an arbitrary file read\nvulnerability (CVE-2024-23899)\n\n* jenkins-plugin/script-security: Sandbox bypass occurs via crafted\nconstructor bodies (CVE-2024-34144)\n\n* jenkins-plugin/script-security: Sandbox bypass occurs via sandbox-defined\nclasses (CVE-2024-34145)\n\n* jenkins-2-plugins: HTML Publisher plugin has improper input sanitization\n(CVE-2024-28149)\n\n* jetty: Stops accepting new connections from valid clients\n(CVE-2024-22201)\n\n* SSH: Prefix truncation attack on Binary Packet Protocol (BPP)\n(CVE-2023-48795)\n\n* golang-protobuf: Unmarshaling certain forms of invalid JSON in the\nprotojson.Unmarshal function causes an infinite loop in the\nencoding/protojson and internal/encoding/json packages of Golang-protobuf\n(CVE-2024-24786).\n\n* jenkins-2-plugins: Matrix-project plugin has a path traversal\nvulnerability (CVE-2024-23900)\n\nFor more details about these security issues, including their impact, CVSS\nscores, acknowledgments, and other related information, refer to the CVE\npage listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:3636", url: "https://access.redhat.com/errata/RHSA-2024:3636", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2254210", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", }, { category: "external", summary: "2260183", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2260183", }, { category: "external", summary: "2260184", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2260184", }, { category: "external", summary: "2266136", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2266136", }, { category: "external", summary: "2268046", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268046", }, { category: "external", summary: "2268227", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268227", }, { category: "external", summary: "2278820", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2278820", }, { category: "external", summary: "2278821", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2278821", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3636.json", }, ], title: "Red Hat Security Advisory: Red Hat Product OCP Tools 4.13 OpenShift Jenkins security update", tracking: { current_release_date: "2025-01-06T19:42:26+00:00", generator: { date: "2025-01-06T19:42:26+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.5", }, }, id: "RHSA-2024:3636", initial_release_date: "2024-06-05T14:46:12+00:00", revision_history: [ { date: "2024-06-05T14:46:12+00:00", number: "1", summary: "Initial version", }, { date: "2024-06-05T14:46:12+00:00", number: "2", summary: "Last updated version", }, { date: "2025-01-06T19:42:26+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "OpenShift Developer Tools and Services for OCP 4.13", product: { name: "OpenShift Developer Tools and Services for OCP 4.13", product_id: "8Base-OCP-Tools-4.13", product_identification_helper: { cpe: "cpe:/a:redhat:ocp_tools:4.13::el8", }, }, }, ], category: "product_family", name: "OpenShift Jenkins", }, { branches: [ { category: "product_version", name: "jenkins-0:2.440.3.1716445150-3.el8.src", product: { name: "jenkins-0:2.440.3.1716445150-3.el8.src", product_id: "jenkins-0:2.440.3.1716445150-3.el8.src", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins@2.440.3.1716445150-3.el8?arch=src", }, }, }, { category: "product_version", name: "jenkins-2-plugins-0:4.13.1716445207-1.el8.src", product: { name: "jenkins-2-plugins-0:4.13.1716445207-1.el8.src", product_id: "jenkins-2-plugins-0:4.13.1716445207-1.el8.src", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins-2-plugins@4.13.1716445207-1.el8?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "jenkins-0:2.440.3.1716445150-3.el8.noarch", product: { name: "jenkins-0:2.440.3.1716445150-3.el8.noarch", product_id: "jenkins-0:2.440.3.1716445150-3.el8.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins@2.440.3.1716445150-3.el8?arch=noarch", }, }, }, { category: "product_version", name: "jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", product: { name: "jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", product_id: "jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins-2-plugins@4.13.1716445207-1.el8?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "jenkins-0:2.440.3.1716445150-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.13", product_id: "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", }, product_reference: "jenkins-0:2.440.3.1716445150-3.el8.noarch", relates_to_product_reference: "8Base-OCP-Tools-4.13", }, { category: "default_component_of", full_product_name: { name: "jenkins-0:2.440.3.1716445150-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.13", product_id: "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", }, product_reference: "jenkins-0:2.440.3.1716445150-3.el8.src", relates_to_product_reference: "8Base-OCP-Tools-4.13", }, { category: "default_component_of", full_product_name: { name: "jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.13", product_id: "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", }, product_reference: "jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", relates_to_product_reference: "8Base-OCP-Tools-4.13", }, { category: "default_component_of", full_product_name: { name: "jenkins-2-plugins-0:4.13.1716445207-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.13", product_id: "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", }, product_reference: "jenkins-2-plugins-0:4.13.1716445207-1.el8.src", relates_to_product_reference: "8Base-OCP-Tools-4.13", }, ], }, vulnerabilities: [ { cve: "CVE-2023-48795", cwe: { id: "CWE-222", name: "Truncation of Security-relevant Information", }, discovery_date: "2023-12-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2254210", }, ], notes: [ { category: "description", text: "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", title: "Vulnerability description", }, { category: "summary", text: "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)", title: "Vulnerability summary", }, { category: "other", text: "This CVE is classified as moderate because the attack requires an active Man-in-the-Middle (MITM) who can intercept and modify the connection's traffic at the TCP/IP layer.\n\nAlthough the attack is cryptographically innovative, its security impact is fortunately quite limited. It only allows the deletion of consecutive messages, and deleting most messages at this protocol stage prevents user authentication from proceeding, leading to a stalled connection.\n\nThe most significant identified impact is that it enables a MITM to delete the SSH2_MSG_EXT_INFO message sent before authentication begins. This allows the attacker to disable a subset of keystroke timing obfuscation features. However, there is no other observable impact on session secrecy or session integrity.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-48795", }, { category: "external", summary: "RHBZ#2254210", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-48795", url: "https://www.cve.org/CVERecord?id=CVE-2023-48795", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", }, { category: "external", summary: "https://access.redhat.com/solutions/7071748", url: "https://access.redhat.com/solutions/7071748", }, { category: "external", summary: "https://terrapin-attack.com/", url: "https://terrapin-attack.com/", }, ], release_date: "2023-12-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:46:12+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3636", }, { category: "workaround", details: "Update to the last version and check that client and server provide kex pseudo-algorithms indicating usage of the updated version of the protocol which is protected from the attack. If \"kex-strict-c-v00@openssh.com\" is provided by clients and \"kex-strict-s-v00@openssh.com\" is in the server's reply, no other steps are necessary.\n\nDisabling ciphers if necessary:\n\nIf \"kex-strict-c-v00@openssh.com\" is not provided by clients or \"kex-strict-s-v00@openssh.com\" is absent in the server's reply, you can disable the following ciphers and HMACs as a workaround on RHEL-8 and RHEL-9:\n\n1. chacha20-poly1305@openssh.com\n2. hmac-sha2-512-etm@openssh.com\n3. hmac-sha2-256-etm@openssh.com\n4. hmac-sha1-etm@openssh.com\n5. hmac-md5-etm@openssh.com\n\nTo do that through crypto-policies, one can apply a subpolicy with the following content:\n```\ncipher@SSH = -CHACHA20-POLY1305\nssh_etm = 0\n```\ne.g., by putting these lines into `/etc/crypto-policies/policies/modules/CVE-2023-48795.pmod`, applying the resulting subpolicy with `update-crypto-policies --set $(update-crypto-policies --show):CVE-2023-48795` and restarting openssh server.\n\nOne can verify that the changes are in effect by ensuring the ciphers listed above are missing from both `/etc/crypto-policies/back-ends/openssh.config` and `/etc/crypto-policies/back-ends/opensshserver.config`.\n\nFor more details on using crypto-policies, please refer to https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening\n\nNote that this procedure does limit the interoperability of the host and is only suggested as a temporary mitigation until the issue is fully resolved with an update.\n\nFor RHEL-7: \nWe can recommend to use strict MACs and Ciphers on RHEL7 in both files /etc/ssh/ssh_config and /etc/ssh/sshd_config.\n\nBelow strict set of Ciphers and MACs can be used as mitigation for RHEL 7.\n\n```\nCiphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\nMACs umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512\n```\n\n- For Openshift Container Platform 4:\nPlease refer the KCS[1] document for verifying the fix in RHCOS.\n\n[1] https://access.redhat.com/solutions/7071748", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)", }, { cve: "CVE-2024-22201", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-02-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2266136", }, ], notes: [ { category: "description", text: "A flaw was found in Jetty, a Java based web server and servlet engine. If an HTTP/2 connection gets TCP congested, it remains open and idle, and connections may be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients.", title: "Vulnerability description", }, { category: "summary", text: "jetty: stop accepting new connections from valid clients", title: "Vulnerability summary", }, { category: "other", text: "The issue in Jetty where HTTP/2 connections can enter a congested, idle state and potentially exhaust server file descriptors represents a moderate severity due to its impact on system resources and service availability. While the vulnerability requires the deliberate creation of numerous congested connections by an attacker, its exploitation can lead to denial-of-service conditions by consuming all available file descriptors. This scenario could disrupt legitimate client connections and impair server responsiveness.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-22201", }, { category: "external", summary: "RHBZ#2266136", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2266136", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-22201", url: "https://www.cve.org/CVERecord?id=CVE-2024-22201", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-22201", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-22201", }, { category: "external", summary: "https://github.com/jetty/jetty.project/issues/11256", url: "https://github.com/jetty/jetty.project/issues/11256", }, { category: "external", summary: "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98", url: "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98", }, ], release_date: "2024-02-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:46:12+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3636", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jetty: stop accepting new connections from valid clients", }, { cve: "CVE-2024-23899", cwe: { id: "CWE-88", name: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", }, discovery_date: "2024-01-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2260183", }, ], notes: [ { category: "description", text: "A flaw was found in the Git Server Plugin for Jenkins. This issue could allow an attacker to read the first two lines of arbitrary files on the server's file system.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-2-plugins: git-server plugin arbitrary file read vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-23899", }, { category: "external", summary: "RHBZ#2260183", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2260183", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-23899", url: "https://www.cve.org/CVERecord?id=CVE-2024-23899", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-23899", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-23899", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/01/24/6", url: "http://www.openwall.com/lists/oss-security/2024/01/24/6", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319", url: "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319", }, ], release_date: "2024-01-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:46:12+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3636", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jenkins-2-plugins: git-server plugin arbitrary file read vulnerability", }, { cve: "CVE-2024-23900", cwe: { id: "CWE-23", name: "Relative Path Traversal", }, discovery_date: "2024-01-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2260184", }, ], notes: [ { category: "description", text: "A flaw was found in The Matrix Project Plugin for Jenkins, which does not sanitize user-defined axis names of multi-configuration projects submitted through the config.xml REST API endpoint. This issue may allow attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system with content not controllable by the attackers.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-2-plugins: matrix-project plugin path traversal vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-23900", }, { category: "external", summary: "RHBZ#2260184", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2260184", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-23900", url: "https://www.cve.org/CVERecord?id=CVE-2024-23900", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-23900", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-23900", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/01/24/6", url: "http://www.openwall.com/lists/oss-security/2024/01/24/6", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3289", url: "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3289", }, ], release_date: "2024-01-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:46:12+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3636", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", version: "3.1", }, products: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jenkins-2-plugins: matrix-project plugin path traversal vulnerability", }, { cve: "CVE-2024-24786", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, discovery_date: "2024-03-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2268046", }, ], notes: [ { category: "description", text: "A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. This flaw allows an attacker to craft malicious input tailored to trigger the identified flaw in the unmarshal function. By providing carefully constructed invalid inputs, they could potentially cause the function to enter an infinite loop, resulting in a denial of service condition or other unintended behaviors in the affected system.", title: "Vulnerability description", }, { category: "summary", text: "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-24786", }, { category: "external", summary: "RHBZ#2268046", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268046", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-24786", url: "https://www.cve.org/CVERecord?id=CVE-2024-24786", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-24786", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-24786", }, { category: "external", summary: "https://go.dev/cl/569356", url: "https://go.dev/cl/569356", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/", url: "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/", }, { category: "external", summary: "https://pkg.go.dev/vuln/GO-2024-2611", url: "https://pkg.go.dev/vuln/GO-2024-2611", }, ], release_date: "2024-03-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:46:12+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3636", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON", }, { cve: "CVE-2024-28149", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2024-03-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2268227", }, ], notes: [ { category: "description", text: "A flaw was found in jenkins-2-plugins. In the HTML Publisher Plugin 1.16 through 1.32, fallback for reports created in HTML Publisher Plugin 1.15 and earlier does not properly sanitize input. This can allow attackers with Item/Configure permissions to implement stored cross-site scripting (XSS) attacks and determine whether a path on the Jenkins controller file system exists, without being able to access it.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin", title: "Vulnerability summary", }, { category: "other", text: "HTML Publisher Plugin 1.32.1 removes support for reports created before HTML Publisher Plugin 1.15. Those reports are retained on the disk, but may no longer be accessible through the Jenkins UI.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-28149", }, { category: "external", summary: "RHBZ#2268227", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268227", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-28149", url: "https://www.cve.org/CVERecord?id=CVE-2024-28149", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-28149", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-28149", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3301", url: "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3301", }, ], release_date: "2024-03-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:46:12+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3636", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin", }, { cve: "CVE-2024-34144", cwe: { id: "CWE-693", name: "Protection Mechanism Failure", }, discovery_date: "2024-05-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2278820", }, ], notes: [ { category: "description", text: "A sandbox bypass vulnerability was found in the Jenkins Script Security Plugin involving crafted constructor bodies, enabling the circumvention of security restrictions. With crafted constructor bodies, this flaw allows authenticated attackers to define and execute sandboxed scripts, including Pipelines, bypassing sandbox protection mechanisms and executing arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe Script Security Plugin features a sandbox functionality designed to enable users with limited privileges to create scripts, including Pipelines, which are generally safe for execution. This security mechanism intercepts calls within sandboxed scripts, referencing various allowlists to decide whether these calls should be permitted.\r\n\r\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include:\r\n\r\n- Exploiting crafted constructor bodies that trigger other constructors, thereby allowing the construction of any subclassable type through implicit casts.\r\n- Utilizing Groovy classes defined within the sandbox that overshadow certain non-sandboxed classes, facilitating the creation of any subclassable type.\r\n\r\nThese vulnerabilities enable attackers, who have the permission to create and execute sandboxed scripts including Pipelines, to circumvent sandbox protections and execute arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe fixed version of this script incorporates enhanced restrictions and sanity checks. These improvements ensure that calls to super constructors are intercepted by the sandbox, including:\r\n\r\n- Ensuring that calls to other constructors via 'this' are now appropriately managed within the sandbox.\r\n- No longer overlooking classes in packages that may be overshadowed by Groovy-defined classes when intercepting super constructor calls.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-plugin/script-security: sandbox bypass via crafted constructor bodies", title: "Vulnerability summary", }, { category: "other", text: "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a process being able to access resources outside an assigned sandbox.\n\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include exploiting specially crafted constructor bodies, utilizing certain groovy classes.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-34144", }, { category: "external", summary: "RHBZ#2278820", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2278820", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-34144", url: "https://www.cve.org/CVERecord?id=CVE-2024-34144", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-34144", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-34144", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/05/02/3", url: "http://www.openwall.com/lists/oss-security/2024/05/02/3", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", url: "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", }, ], release_date: "2024-05-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:46:12+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3636", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jenkins-plugin/script-security: sandbox bypass via crafted constructor bodies", }, { cve: "CVE-2024-34145", cwe: { id: "CWE-693", name: "Protection Mechanism Failure", }, discovery_date: "2024-05-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2278821", }, ], notes: [ { category: "description", text: "A sandbox bypass vulnerability was found in the Jenkins Script Security Plugin within the sandbox-defined classes, enabling the circumvention of security restrictions. This flaw allows authenticated attackers to define and execute sandboxed scripts, including Pipelines, bypassing sandbox protection mechanisms and executing arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe Script Security Plugin features a sandbox functionality designed to enable users with limited privileges to create scripts, including Pipelines, which are generally safe for execution. This security mechanism intercepts calls within sandboxed scripts, referencing various allowlists to decide whether these calls should be permitted.\r\n\r\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include:\r\n\r\n- Exploiting crafted constructor bodies that trigger other constructors, thereby allowing the construction of any subclassable type through implicit casts.\r\n- Utilizing Groovy classes defined within the sandbox that overshadow certain non-sandboxed classes, facilitating the creation of any subclassable type.\r\n\r\nThese vulnerabilities enable attackers, who have the permission to create and execute sandboxed scripts including Pipelines, to circumvent sandbox protections and execute arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe fixed version of this script incorporates enhanced restrictions and sanity checks. These improvements ensure that calls to super constructors are intercepted by the sandbox, including:\r\n\r\n- Ensuring that calls to other constructors via 'this' are now appropriately managed within the sandbox.\r\n- No longer overlooking classes in packages that may be overshadowed by Groovy-defined classes when intercepting super constructor calls.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-plugin/script-security: sandbox bypass via sandbox-defined classes", title: "Vulnerability summary", }, { category: "other", text: "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a process being able to access resources outside an assigned sandbox.\n\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include exploiting specially crafted constructor bodies, utilizing certain groovy classes.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-34145", }, { category: "external", summary: "RHBZ#2278821", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2278821", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-34145", url: "https://www.cve.org/CVERecord?id=CVE-2024-34145", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-34145", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-34145", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/05/02/3", url: "http://www.openwall.com/lists/oss-security/2024/05/02/3", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", url: "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", }, ], release_date: "2024-05-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:46:12+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3636", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jenkins-plugin/script-security: sandbox bypass via sandbox-defined classes", }, ], }
rhsa-2024:3636
Vulnerability from csaf_redhat
Published
2024-06-05 14:46
Modified
2025-03-14 10:17
Summary
Red Hat Security Advisory: Red Hat Product OCP Tools 4.13 OpenShift Jenkins security update
Notes
Topic
An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Jenkins is a continuous integration server that monitors the execution of
recurring jobs, such as software builds or cron jobs.
Security fixes:
* jenkins-2-plugins: Git-server plugin has an arbitrary file read
vulnerability (CVE-2024-23899)
* jenkins-plugin/script-security: Sandbox bypass occurs via crafted
constructor bodies (CVE-2024-34144)
* jenkins-plugin/script-security: Sandbox bypass occurs via sandbox-defined
classes (CVE-2024-34145)
* jenkins-2-plugins: HTML Publisher plugin has improper input sanitization
(CVE-2024-28149)
* jetty: Stops accepting new connections from valid clients
(CVE-2024-22201)
* SSH: Prefix truncation attack on Binary Packet Protocol (BPP)
(CVE-2023-48795)
* golang-protobuf: Unmarshaling certain forms of invalid JSON in the
protojson.Unmarshal function causes an infinite loop in the
encoding/protojson and internal/encoding/json packages of Golang-protobuf
(CVE-2024-24786).
* jenkins-2-plugins: Matrix-project plugin has a path traversal
vulnerability (CVE-2024-23900)
For more details about these security issues, including their impact, CVSS
scores, acknowledgments, and other related information, refer to the CVE
page listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Jenkins is a continuous integration server that monitors the execution of\nrecurring jobs, such as software builds or cron jobs.\n\nSecurity fixes:\n\n* jenkins-2-plugins: Git-server plugin has an arbitrary file read\nvulnerability (CVE-2024-23899)\n\n* jenkins-plugin/script-security: Sandbox bypass occurs via crafted\nconstructor bodies (CVE-2024-34144)\n\n* jenkins-plugin/script-security: Sandbox bypass occurs via sandbox-defined\nclasses (CVE-2024-34145)\n\n* jenkins-2-plugins: HTML Publisher plugin has improper input sanitization\n(CVE-2024-28149)\n\n* jetty: Stops accepting new connections from valid clients\n(CVE-2024-22201)\n\n* SSH: Prefix truncation attack on Binary Packet Protocol (BPP)\n(CVE-2023-48795)\n\n* golang-protobuf: Unmarshaling certain forms of invalid JSON in the\nprotojson.Unmarshal function causes an infinite loop in the\nencoding/protojson and internal/encoding/json packages of Golang-protobuf\n(CVE-2024-24786).\n\n* jenkins-2-plugins: Matrix-project plugin has a path traversal\nvulnerability (CVE-2024-23900)\n\nFor more details about these security issues, including their impact, CVSS\nscores, acknowledgments, and other related information, refer to the CVE\npage listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:3636", url: "https://access.redhat.com/errata/RHSA-2024:3636", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2254210", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", }, { category: "external", summary: "2260183", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2260183", }, { category: "external", summary: "2260184", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2260184", }, { category: "external", summary: "2266136", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2266136", }, { category: "external", summary: "2268046", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268046", }, { category: "external", summary: "2268227", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268227", }, { category: "external", summary: "2278820", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2278820", }, { category: "external", summary: "2278821", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2278821", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3636.json", }, ], title: "Red Hat Security Advisory: Red Hat Product OCP Tools 4.13 OpenShift Jenkins security update", tracking: { current_release_date: "2025-03-14T10:17:58+00:00", generator: { date: "2025-03-14T10:17:58+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2024:3636", initial_release_date: "2024-06-05T14:46:12+00:00", revision_history: [ { date: "2024-06-05T14:46:12+00:00", number: "1", summary: "Initial version", }, { date: "2024-06-05T14:46:12+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-14T10:17:58+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "OpenShift Developer Tools and Services for OCP 4.13", product: { name: "OpenShift Developer Tools and Services for OCP 4.13", product_id: "8Base-OCP-Tools-4.13", product_identification_helper: { cpe: "cpe:/a:redhat:ocp_tools:4.13::el8", }, }, }, ], category: "product_family", name: "OpenShift Jenkins", }, { branches: [ { category: "product_version", name: "jenkins-0:2.440.3.1716445150-3.el8.src", product: { name: "jenkins-0:2.440.3.1716445150-3.el8.src", product_id: "jenkins-0:2.440.3.1716445150-3.el8.src", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins@2.440.3.1716445150-3.el8?arch=src", }, }, }, { category: "product_version", name: "jenkins-2-plugins-0:4.13.1716445207-1.el8.src", product: { name: "jenkins-2-plugins-0:4.13.1716445207-1.el8.src", product_id: "jenkins-2-plugins-0:4.13.1716445207-1.el8.src", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins-2-plugins@4.13.1716445207-1.el8?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "jenkins-0:2.440.3.1716445150-3.el8.noarch", product: { name: "jenkins-0:2.440.3.1716445150-3.el8.noarch", product_id: "jenkins-0:2.440.3.1716445150-3.el8.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins@2.440.3.1716445150-3.el8?arch=noarch", }, }, }, { category: "product_version", name: "jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", product: { name: "jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", product_id: "jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins-2-plugins@4.13.1716445207-1.el8?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "jenkins-0:2.440.3.1716445150-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.13", product_id: "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", }, product_reference: "jenkins-0:2.440.3.1716445150-3.el8.noarch", relates_to_product_reference: "8Base-OCP-Tools-4.13", }, { category: "default_component_of", full_product_name: { name: "jenkins-0:2.440.3.1716445150-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.13", product_id: "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", }, product_reference: "jenkins-0:2.440.3.1716445150-3.el8.src", relates_to_product_reference: "8Base-OCP-Tools-4.13", }, { category: "default_component_of", full_product_name: { name: "jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.13", product_id: "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", }, product_reference: "jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", relates_to_product_reference: "8Base-OCP-Tools-4.13", }, { category: "default_component_of", full_product_name: { name: "jenkins-2-plugins-0:4.13.1716445207-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.13", product_id: "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", }, product_reference: "jenkins-2-plugins-0:4.13.1716445207-1.el8.src", relates_to_product_reference: "8Base-OCP-Tools-4.13", }, ], }, vulnerabilities: [ { cve: "CVE-2023-48795", cwe: { id: "CWE-222", name: "Truncation of Security-relevant Information", }, discovery_date: "2023-12-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2254210", }, ], notes: [ { category: "description", text: "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", title: "Vulnerability description", }, { category: "summary", text: "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)", title: "Vulnerability summary", }, { category: "other", text: "This CVE is classified as moderate because the attack requires an active Man-in-the-Middle (MITM) who can intercept and modify the connection's traffic at the TCP/IP layer.\n\nAlthough the attack is cryptographically innovative, its security impact is fortunately quite limited. It only allows the deletion of consecutive messages, and deleting most messages at this protocol stage prevents user authentication from proceeding, leading to a stalled connection.\n\nThe most significant identified impact is that it enables a MITM to delete the SSH2_MSG_EXT_INFO message sent before authentication begins. This allows the attacker to disable a subset of keystroke timing obfuscation features. However, there is no other observable impact on session secrecy or session integrity.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-48795", }, { category: "external", summary: "RHBZ#2254210", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-48795", url: "https://www.cve.org/CVERecord?id=CVE-2023-48795", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", }, { category: "external", summary: "https://access.redhat.com/solutions/7071748", url: "https://access.redhat.com/solutions/7071748", }, { category: "external", summary: "https://terrapin-attack.com/", url: "https://terrapin-attack.com/", }, ], release_date: "2023-12-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:46:12+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3636", }, { category: "workaround", details: "Update to the last version and check that client and server provide kex pseudo-algorithms indicating usage of the updated version of the protocol which is protected from the attack. If \"kex-strict-c-v00@openssh.com\" is provided by clients and \"kex-strict-s-v00@openssh.com\" is in the server's reply, no other steps are necessary.\n\nDisabling ciphers if necessary:\n\nIf \"kex-strict-c-v00@openssh.com\" is not provided by clients or \"kex-strict-s-v00@openssh.com\" is absent in the server's reply, you can disable the following ciphers and HMACs as a workaround on RHEL-8 and RHEL-9:\n\n1. chacha20-poly1305@openssh.com\n2. hmac-sha2-512-etm@openssh.com\n3. hmac-sha2-256-etm@openssh.com\n4. hmac-sha1-etm@openssh.com\n5. hmac-md5-etm@openssh.com\n\nTo do that through crypto-policies, one can apply a subpolicy with the following content:\n```\ncipher@SSH = -CHACHA20-POLY1305\nssh_etm = 0\n```\ne.g., by putting these lines into `/etc/crypto-policies/policies/modules/CVE-2023-48795.pmod`, applying the resulting subpolicy with `update-crypto-policies --set $(update-crypto-policies --show):CVE-2023-48795` and restarting openssh server.\n\nOne can verify that the changes are in effect by ensuring the ciphers listed above are missing from both `/etc/crypto-policies/back-ends/openssh.config` and `/etc/crypto-policies/back-ends/opensshserver.config`.\n\nFor more details on using crypto-policies, please refer to https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening\n\nNote that this procedure does limit the interoperability of the host and is only suggested as a temporary mitigation until the issue is fully resolved with an update.\n\nFor RHEL-7: \nWe can recommend to use strict MACs and Ciphers on RHEL7 in both files /etc/ssh/ssh_config and /etc/ssh/sshd_config.\n\nBelow strict set of Ciphers and MACs can be used as mitigation for RHEL 7.\n\n```\nCiphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\nMACs umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512\n```\n\n- For Openshift Container Platform 4:\nPlease refer the KCS[1] document for verifying the fix in RHCOS.\n\n[1] https://access.redhat.com/solutions/7071748", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)", }, { cve: "CVE-2024-22201", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-02-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2266136", }, ], notes: [ { category: "description", text: "A flaw was found in Jetty, a Java based web server and servlet engine. If an HTTP/2 connection gets TCP congested, it remains open and idle, and connections may be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients.", title: "Vulnerability description", }, { category: "summary", text: "jetty: stop accepting new connections from valid clients", title: "Vulnerability summary", }, { category: "other", text: "The issue in Jetty where HTTP/2 connections can enter a congested, idle state and potentially exhaust server file descriptors represents a moderate severity due to its impact on system resources and service availability. While the vulnerability requires the deliberate creation of numerous congested connections by an attacker, its exploitation can lead to denial-of-service conditions by consuming all available file descriptors. This scenario could disrupt legitimate client connections and impair server responsiveness.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-22201", }, { category: "external", summary: "RHBZ#2266136", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2266136", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-22201", url: "https://www.cve.org/CVERecord?id=CVE-2024-22201", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-22201", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-22201", }, { category: "external", summary: "https://github.com/jetty/jetty.project/issues/11256", url: "https://github.com/jetty/jetty.project/issues/11256", }, { category: "external", summary: "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98", url: "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98", }, ], release_date: "2024-02-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:46:12+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3636", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jetty: stop accepting new connections from valid clients", }, { cve: "CVE-2024-23899", cwe: { id: "CWE-88", name: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", }, discovery_date: "2024-01-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2260183", }, ], notes: [ { category: "description", text: "A flaw was found in the Git Server Plugin for Jenkins. This issue could allow an attacker to read the first two lines of arbitrary files on the server's file system.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-2-plugins: git-server plugin arbitrary file read vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-23899", }, { category: "external", summary: "RHBZ#2260183", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2260183", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-23899", url: "https://www.cve.org/CVERecord?id=CVE-2024-23899", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-23899", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-23899", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/01/24/6", url: "http://www.openwall.com/lists/oss-security/2024/01/24/6", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319", url: "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319", }, ], release_date: "2024-01-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:46:12+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3636", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jenkins-2-plugins: git-server plugin arbitrary file read vulnerability", }, { cve: "CVE-2024-23900", cwe: { id: "CWE-23", name: "Relative Path Traversal", }, discovery_date: "2024-01-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2260184", }, ], notes: [ { category: "description", text: "A flaw was found in The Matrix Project Plugin for Jenkins, which does not sanitize user-defined axis names of multi-configuration projects submitted through the config.xml REST API endpoint. This issue may allow attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system with content not controllable by the attackers.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-2-plugins: matrix-project plugin path traversal vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-23900", }, { category: "external", summary: "RHBZ#2260184", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2260184", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-23900", url: "https://www.cve.org/CVERecord?id=CVE-2024-23900", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-23900", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-23900", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/01/24/6", url: "http://www.openwall.com/lists/oss-security/2024/01/24/6", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3289", url: "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3289", }, ], release_date: "2024-01-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:46:12+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3636", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", version: "3.1", }, products: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jenkins-2-plugins: matrix-project plugin path traversal vulnerability", }, { cve: "CVE-2024-24786", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, discovery_date: "2024-03-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2268046", }, ], notes: [ { category: "description", text: "A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. This flaw allows an attacker to craft malicious input tailored to trigger the identified flaw in the unmarshal function. By providing carefully constructed invalid inputs, they could potentially cause the function to enter an infinite loop, resulting in a denial of service condition or other unintended behaviors in the affected system.", title: "Vulnerability description", }, { category: "summary", text: "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-24786", }, { category: "external", summary: "RHBZ#2268046", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268046", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-24786", url: "https://www.cve.org/CVERecord?id=CVE-2024-24786", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-24786", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-24786", }, { category: "external", summary: "https://go.dev/cl/569356", url: "https://go.dev/cl/569356", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/", url: "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/", }, { category: "external", summary: "https://pkg.go.dev/vuln/GO-2024-2611", url: "https://pkg.go.dev/vuln/GO-2024-2611", }, ], release_date: "2024-03-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:46:12+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3636", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON", }, { cve: "CVE-2024-28149", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2024-03-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2268227", }, ], notes: [ { category: "description", text: "A flaw was found in jenkins-2-plugins. In the HTML Publisher Plugin 1.16 through 1.32, fallback for reports created in HTML Publisher Plugin 1.15 and earlier does not properly sanitize input. This can allow attackers with Item/Configure permissions to implement stored cross-site scripting (XSS) attacks and determine whether a path on the Jenkins controller file system exists, without being able to access it.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin", title: "Vulnerability summary", }, { category: "other", text: "HTML Publisher Plugin 1.32.1 removes support for reports created before HTML Publisher Plugin 1.15. Those reports are retained on the disk, but may no longer be accessible through the Jenkins UI.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-28149", }, { category: "external", summary: "RHBZ#2268227", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268227", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-28149", url: "https://www.cve.org/CVERecord?id=CVE-2024-28149", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-28149", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-28149", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3301", url: "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3301", }, ], release_date: "2024-03-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:46:12+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3636", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin", }, { cve: "CVE-2024-34144", cwe: { id: "CWE-693", name: "Protection Mechanism Failure", }, discovery_date: "2024-05-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2278820", }, ], notes: [ { category: "description", text: "A sandbox bypass vulnerability was found in the Jenkins Script Security Plugin involving crafted constructor bodies, enabling the circumvention of security restrictions. With crafted constructor bodies, this flaw allows authenticated attackers to define and execute sandboxed scripts, including Pipelines, bypassing sandbox protection mechanisms and executing arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe Script Security Plugin features a sandbox functionality designed to enable users with limited privileges to create scripts, including Pipelines, which are generally safe for execution. This security mechanism intercepts calls within sandboxed scripts, referencing various allowlists to decide whether these calls should be permitted.\r\n\r\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include:\r\n\r\n- Exploiting crafted constructor bodies that trigger other constructors, thereby allowing the construction of any subclassable type through implicit casts.\r\n- Utilizing Groovy classes defined within the sandbox that overshadow certain non-sandboxed classes, facilitating the creation of any subclassable type.\r\n\r\nThese vulnerabilities enable attackers, who have the permission to create and execute sandboxed scripts including Pipelines, to circumvent sandbox protections and execute arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe fixed version of this script incorporates enhanced restrictions and sanity checks. These improvements ensure that calls to super constructors are intercepted by the sandbox, including:\r\n\r\n- Ensuring that calls to other constructors via 'this' are now appropriately managed within the sandbox.\r\n- No longer overlooking classes in packages that may be overshadowed by Groovy-defined classes when intercepting super constructor calls.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-plugin/script-security: sandbox bypass via crafted constructor bodies", title: "Vulnerability summary", }, { category: "other", text: "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a process being able to access resources outside an assigned sandbox.\n\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include exploiting specially crafted constructor bodies, utilizing certain groovy classes.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-34144", }, { category: "external", summary: "RHBZ#2278820", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2278820", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-34144", url: "https://www.cve.org/CVERecord?id=CVE-2024-34144", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-34144", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-34144", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/05/02/3", url: "http://www.openwall.com/lists/oss-security/2024/05/02/3", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", url: "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", }, ], release_date: "2024-05-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:46:12+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3636", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jenkins-plugin/script-security: sandbox bypass via crafted constructor bodies", }, { cve: "CVE-2024-34145", cwe: { id: "CWE-693", name: "Protection Mechanism Failure", }, discovery_date: "2024-05-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2278821", }, ], notes: [ { category: "description", text: "A sandbox bypass vulnerability was found in the Jenkins Script Security Plugin within the sandbox-defined classes, enabling the circumvention of security restrictions. This flaw allows authenticated attackers to define and execute sandboxed scripts, including Pipelines, bypassing sandbox protection mechanisms and executing arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe Script Security Plugin features a sandbox functionality designed to enable users with limited privileges to create scripts, including Pipelines, which are generally safe for execution. This security mechanism intercepts calls within sandboxed scripts, referencing various allowlists to decide whether these calls should be permitted.\r\n\r\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include:\r\n\r\n- Exploiting crafted constructor bodies that trigger other constructors, thereby allowing the construction of any subclassable type through implicit casts.\r\n- Utilizing Groovy classes defined within the sandbox that overshadow certain non-sandboxed classes, facilitating the creation of any subclassable type.\r\n\r\nThese vulnerabilities enable attackers, who have the permission to create and execute sandboxed scripts including Pipelines, to circumvent sandbox protections and execute arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe fixed version of this script incorporates enhanced restrictions and sanity checks. These improvements ensure that calls to super constructors are intercepted by the sandbox, including:\r\n\r\n- Ensuring that calls to other constructors via 'this' are now appropriately managed within the sandbox.\r\n- No longer overlooking classes in packages that may be overshadowed by Groovy-defined classes when intercepting super constructor calls.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-plugin/script-security: sandbox bypass via sandbox-defined classes", title: "Vulnerability summary", }, { category: "other", text: "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a process being able to access resources outside an assigned sandbox.\n\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include exploiting specially crafted constructor bodies, utilizing certain groovy classes.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-34145", }, { category: "external", summary: "RHBZ#2278821", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2278821", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-34145", url: "https://www.cve.org/CVERecord?id=CVE-2024-34145", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-34145", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-34145", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/05/02/3", url: "http://www.openwall.com/lists/oss-security/2024/05/02/3", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", url: "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", }, ], release_date: "2024-05-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:46:12+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3636", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jenkins-plugin/script-security: sandbox bypass via sandbox-defined classes", }, ], }
rhsa-2024:3634
Vulnerability from csaf_redhat
Published
2024-06-05 14:47
Modified
2025-03-14 10:17
Summary
Red Hat Security Advisory: Red Hat Product OCP Tools 4.14 OpenShift Jenkins security update
Notes
Topic
An update for Openshift Jenkins is now available for Red Hat Product OCP Tools 4.14. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Jenkins is a continuous integration server that monitors the execution of
recurring jobs, such as software builds or cron jobs.
Security fixes:
* jenkins-2-plugins: Git-server plugin has an arbitrary file read
vulnerability (CVE-2024-23899)
* jenkins-plugin/script-security: Sandbox bypass occurs via crafted
constructor bodies (CVE-2024-34144)
* jenkins-plugin/script-security: Sandbox bypass occurs via sandbox-defined
classes (CVE-2024-34145)
* jenkins-2-plugins: HTML Publisher plugin has improper input sanitization
(CVE-2024-28149)
* jetty: Stops accepting new connections from valid clients
(CVE-2024-22201)
* SSH: Prefix truncation attack on Binary Packet Protocol (BPP)
(CVE-2023-48795)
* golang-protobuf: Unmarshaling certain forms of invalid JSON in the
protojson.Unmarshal function causes an infinite loop in the
encoding/protojson and internal/encoding/json packages of Golang-protobuf
(CVE-2024-24786)
* jenkins-2-plugins: Matrix-project plugin has a path traversal
vulnerability (CVE-2024-23900)
For more details about these security issues, including their impact, CVSS
scores, acknowledgments, and other related information, refer to the CVE
page listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for Openshift Jenkins is now available for Red Hat Product OCP Tools 4.14. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Jenkins is a continuous integration server that monitors the execution of\nrecurring jobs, such as software builds or cron jobs.\n\nSecurity fixes:\n\n* jenkins-2-plugins: Git-server plugin has an arbitrary file read\nvulnerability (CVE-2024-23899)\n\n* jenkins-plugin/script-security: Sandbox bypass occurs via crafted\nconstructor bodies (CVE-2024-34144)\n\n* jenkins-plugin/script-security: Sandbox bypass occurs via sandbox-defined\nclasses (CVE-2024-34145)\n\n* jenkins-2-plugins: HTML Publisher plugin has improper input sanitization\n(CVE-2024-28149)\n\n* jetty: Stops accepting new connections from valid clients\n(CVE-2024-22201)\n\n* SSH: Prefix truncation attack on Binary Packet Protocol (BPP)\n(CVE-2023-48795)\n\n* golang-protobuf: Unmarshaling certain forms of invalid JSON in the\nprotojson.Unmarshal function causes an infinite loop in the\nencoding/protojson and internal/encoding/json packages of Golang-protobuf\n(CVE-2024-24786)\n\n* jenkins-2-plugins: Matrix-project plugin has a path traversal\nvulnerability (CVE-2024-23900)\n\nFor more details about these security issues, including their impact, CVSS\nscores, acknowledgments, and other related information, refer to the CVE\npage listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:3634", url: "https://access.redhat.com/errata/RHSA-2024:3634", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2254210", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", }, { category: "external", summary: "2260183", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2260183", }, { category: "external", summary: "2260184", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2260184", }, { category: "external", summary: "2266136", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2266136", }, { category: "external", summary: "2268046", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268046", }, { category: "external", summary: "2268227", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268227", }, { category: "external", summary: "2278820", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2278820", }, { category: "external", summary: "2278821", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2278821", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3634.json", }, ], title: "Red Hat Security Advisory: Red Hat Product OCP Tools 4.14 OpenShift Jenkins security update", tracking: { current_release_date: "2025-03-14T10:17:36+00:00", generator: { date: "2025-03-14T10:17:36+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2024:3634", initial_release_date: "2024-06-05T14:47:02+00:00", revision_history: [ { date: "2024-06-05T14:47:02+00:00", number: "1", summary: "Initial version", }, { date: "2024-06-05T14:47:02+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-14T10:17:36+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "OpenShift Developer Tools and Services for OCP 4.14", product: { name: "OpenShift Developer Tools and Services for OCP 4.14", product_id: "8Base-OCP-Tools-4.14", product_identification_helper: { cpe: "cpe:/a:redhat:ocp_tools:4.14::el8", }, }, }, ], category: "product_family", name: "OpenShift Jenkins", }, { branches: [ { category: "product_version", name: "jenkins-0:2.440.3.1716387933-3.el8.src", product: { name: "jenkins-0:2.440.3.1716387933-3.el8.src", product_id: "jenkins-0:2.440.3.1716387933-3.el8.src", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins@2.440.3.1716387933-3.el8?arch=src", }, }, }, { category: "product_version", name: "jenkins-2-plugins-0:4.14.1716388016-1.el8.src", product: { name: "jenkins-2-plugins-0:4.14.1716388016-1.el8.src", product_id: "jenkins-2-plugins-0:4.14.1716388016-1.el8.src", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins-2-plugins@4.14.1716388016-1.el8?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "jenkins-0:2.440.3.1716387933-3.el8.noarch", product: { name: "jenkins-0:2.440.3.1716387933-3.el8.noarch", product_id: "jenkins-0:2.440.3.1716387933-3.el8.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins@2.440.3.1716387933-3.el8?arch=noarch", }, }, }, { category: "product_version", name: "jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", product: { name: "jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", product_id: "jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins-2-plugins@4.14.1716388016-1.el8?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "jenkins-0:2.440.3.1716387933-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.14", product_id: "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", }, product_reference: "jenkins-0:2.440.3.1716387933-3.el8.noarch", relates_to_product_reference: "8Base-OCP-Tools-4.14", }, { category: "default_component_of", full_product_name: { name: "jenkins-0:2.440.3.1716387933-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.14", product_id: "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", }, product_reference: "jenkins-0:2.440.3.1716387933-3.el8.src", relates_to_product_reference: "8Base-OCP-Tools-4.14", }, { category: "default_component_of", full_product_name: { name: "jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.14", product_id: "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", }, product_reference: "jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", relates_to_product_reference: "8Base-OCP-Tools-4.14", }, { category: "default_component_of", full_product_name: { name: "jenkins-2-plugins-0:4.14.1716388016-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.14", product_id: "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", }, product_reference: "jenkins-2-plugins-0:4.14.1716388016-1.el8.src", relates_to_product_reference: "8Base-OCP-Tools-4.14", }, ], }, vulnerabilities: [ { cve: "CVE-2023-48795", cwe: { id: "CWE-222", name: "Truncation of Security-relevant Information", }, discovery_date: "2023-12-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2254210", }, ], notes: [ { category: "description", text: "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", title: "Vulnerability description", }, { category: "summary", text: "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)", title: "Vulnerability summary", }, { category: "other", text: "This CVE is classified as moderate because the attack requires an active Man-in-the-Middle (MITM) who can intercept and modify the connection's traffic at the TCP/IP layer.\n\nAlthough the attack is cryptographically innovative, its security impact is fortunately quite limited. It only allows the deletion of consecutive messages, and deleting most messages at this protocol stage prevents user authentication from proceeding, leading to a stalled connection.\n\nThe most significant identified impact is that it enables a MITM to delete the SSH2_MSG_EXT_INFO message sent before authentication begins. This allows the attacker to disable a subset of keystroke timing obfuscation features. However, there is no other observable impact on session secrecy or session integrity.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-48795", }, { category: "external", summary: "RHBZ#2254210", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-48795", url: "https://www.cve.org/CVERecord?id=CVE-2023-48795", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", }, { category: "external", summary: "https://access.redhat.com/solutions/7071748", url: "https://access.redhat.com/solutions/7071748", }, { category: "external", summary: "https://terrapin-attack.com/", url: "https://terrapin-attack.com/", }, ], release_date: "2023-12-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:47:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3634", }, { category: "workaround", details: "Update to the last version and check that client and server provide kex pseudo-algorithms indicating usage of the updated version of the protocol which is protected from the attack. If \"kex-strict-c-v00@openssh.com\" is provided by clients and \"kex-strict-s-v00@openssh.com\" is in the server's reply, no other steps are necessary.\n\nDisabling ciphers if necessary:\n\nIf \"kex-strict-c-v00@openssh.com\" is not provided by clients or \"kex-strict-s-v00@openssh.com\" is absent in the server's reply, you can disable the following ciphers and HMACs as a workaround on RHEL-8 and RHEL-9:\n\n1. chacha20-poly1305@openssh.com\n2. hmac-sha2-512-etm@openssh.com\n3. hmac-sha2-256-etm@openssh.com\n4. hmac-sha1-etm@openssh.com\n5. hmac-md5-etm@openssh.com\n\nTo do that through crypto-policies, one can apply a subpolicy with the following content:\n```\ncipher@SSH = -CHACHA20-POLY1305\nssh_etm = 0\n```\ne.g., by putting these lines into `/etc/crypto-policies/policies/modules/CVE-2023-48795.pmod`, applying the resulting subpolicy with `update-crypto-policies --set $(update-crypto-policies --show):CVE-2023-48795` and restarting openssh server.\n\nOne can verify that the changes are in effect by ensuring the ciphers listed above are missing from both `/etc/crypto-policies/back-ends/openssh.config` and `/etc/crypto-policies/back-ends/opensshserver.config`.\n\nFor more details on using crypto-policies, please refer to https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening\n\nNote that this procedure does limit the interoperability of the host and is only suggested as a temporary mitigation until the issue is fully resolved with an update.\n\nFor RHEL-7: \nWe can recommend to use strict MACs and Ciphers on RHEL7 in both files /etc/ssh/ssh_config and /etc/ssh/sshd_config.\n\nBelow strict set of Ciphers and MACs can be used as mitigation for RHEL 7.\n\n```\nCiphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\nMACs umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512\n```\n\n- For Openshift Container Platform 4:\nPlease refer the KCS[1] document for verifying the fix in RHCOS.\n\n[1] https://access.redhat.com/solutions/7071748", product_ids: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)", }, { cve: "CVE-2024-22201", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-02-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2266136", }, ], notes: [ { category: "description", text: "A flaw was found in Jetty, a Java based web server and servlet engine. If an HTTP/2 connection gets TCP congested, it remains open and idle, and connections may be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients.", title: "Vulnerability description", }, { category: "summary", text: "jetty: stop accepting new connections from valid clients", title: "Vulnerability summary", }, { category: "other", text: "The issue in Jetty where HTTP/2 connections can enter a congested, idle state and potentially exhaust server file descriptors represents a moderate severity due to its impact on system resources and service availability. While the vulnerability requires the deliberate creation of numerous congested connections by an attacker, its exploitation can lead to denial-of-service conditions by consuming all available file descriptors. This scenario could disrupt legitimate client connections and impair server responsiveness.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-22201", }, { category: "external", summary: "RHBZ#2266136", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2266136", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-22201", url: "https://www.cve.org/CVERecord?id=CVE-2024-22201", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-22201", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-22201", }, { category: "external", summary: "https://github.com/jetty/jetty.project/issues/11256", url: "https://github.com/jetty/jetty.project/issues/11256", }, { category: "external", summary: "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98", url: "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98", }, ], release_date: "2024-02-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:47:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3634", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jetty: stop accepting new connections from valid clients", }, { cve: "CVE-2024-23899", cwe: { id: "CWE-88", name: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", }, discovery_date: "2024-01-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2260183", }, ], notes: [ { category: "description", text: "A flaw was found in the Git Server Plugin for Jenkins. This issue could allow an attacker to read the first two lines of arbitrary files on the server's file system.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-2-plugins: git-server plugin arbitrary file read vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-23899", }, { category: "external", summary: "RHBZ#2260183", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2260183", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-23899", url: "https://www.cve.org/CVERecord?id=CVE-2024-23899", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-23899", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-23899", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/01/24/6", url: "http://www.openwall.com/lists/oss-security/2024/01/24/6", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319", url: "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319", }, ], release_date: "2024-01-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:47:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3634", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jenkins-2-plugins: git-server plugin arbitrary file read vulnerability", }, { cve: "CVE-2024-23900", cwe: { id: "CWE-23", name: "Relative Path Traversal", }, discovery_date: "2024-01-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2260184", }, ], notes: [ { category: "description", text: "A flaw was found in The Matrix Project Plugin for Jenkins, which does not sanitize user-defined axis names of multi-configuration projects submitted through the config.xml REST API endpoint. This issue may allow attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system with content not controllable by the attackers.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-2-plugins: matrix-project plugin path traversal vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-23900", }, { category: "external", summary: "RHBZ#2260184", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2260184", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-23900", url: "https://www.cve.org/CVERecord?id=CVE-2024-23900", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-23900", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-23900", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/01/24/6", url: "http://www.openwall.com/lists/oss-security/2024/01/24/6", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3289", url: "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3289", }, ], release_date: "2024-01-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:47:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3634", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", version: "3.1", }, products: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jenkins-2-plugins: matrix-project plugin path traversal vulnerability", }, { cve: "CVE-2024-24786", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, discovery_date: "2024-03-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2268046", }, ], notes: [ { category: "description", text: "A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. This flaw allows an attacker to craft malicious input tailored to trigger the identified flaw in the unmarshal function. By providing carefully constructed invalid inputs, they could potentially cause the function to enter an infinite loop, resulting in a denial of service condition or other unintended behaviors in the affected system.", title: "Vulnerability description", }, { category: "summary", text: "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-24786", }, { category: "external", summary: "RHBZ#2268046", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268046", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-24786", url: "https://www.cve.org/CVERecord?id=CVE-2024-24786", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-24786", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-24786", }, { category: "external", summary: "https://go.dev/cl/569356", url: "https://go.dev/cl/569356", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/", url: "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/", }, { category: "external", summary: "https://pkg.go.dev/vuln/GO-2024-2611", url: "https://pkg.go.dev/vuln/GO-2024-2611", }, ], release_date: "2024-03-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:47:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3634", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON", }, { cve: "CVE-2024-28149", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2024-03-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2268227", }, ], notes: [ { category: "description", text: "A flaw was found in jenkins-2-plugins. In the HTML Publisher Plugin 1.16 through 1.32, fallback for reports created in HTML Publisher Plugin 1.15 and earlier does not properly sanitize input. This can allow attackers with Item/Configure permissions to implement stored cross-site scripting (XSS) attacks and determine whether a path on the Jenkins controller file system exists, without being able to access it.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin", title: "Vulnerability summary", }, { category: "other", text: "HTML Publisher Plugin 1.32.1 removes support for reports created before HTML Publisher Plugin 1.15. Those reports are retained on the disk, but may no longer be accessible through the Jenkins UI.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-28149", }, { category: "external", summary: "RHBZ#2268227", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268227", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-28149", url: "https://www.cve.org/CVERecord?id=CVE-2024-28149", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-28149", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-28149", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3301", url: "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3301", }, ], release_date: "2024-03-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:47:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3634", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin", }, { cve: "CVE-2024-34144", cwe: { id: "CWE-693", name: "Protection Mechanism Failure", }, discovery_date: "2024-05-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2278820", }, ], notes: [ { category: "description", text: "A sandbox bypass vulnerability was found in the Jenkins Script Security Plugin involving crafted constructor bodies, enabling the circumvention of security restrictions. With crafted constructor bodies, this flaw allows authenticated attackers to define and execute sandboxed scripts, including Pipelines, bypassing sandbox protection mechanisms and executing arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe Script Security Plugin features a sandbox functionality designed to enable users with limited privileges to create scripts, including Pipelines, which are generally safe for execution. This security mechanism intercepts calls within sandboxed scripts, referencing various allowlists to decide whether these calls should be permitted.\r\n\r\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include:\r\n\r\n- Exploiting crafted constructor bodies that trigger other constructors, thereby allowing the construction of any subclassable type through implicit casts.\r\n- Utilizing Groovy classes defined within the sandbox that overshadow certain non-sandboxed classes, facilitating the creation of any subclassable type.\r\n\r\nThese vulnerabilities enable attackers, who have the permission to create and execute sandboxed scripts including Pipelines, to circumvent sandbox protections and execute arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe fixed version of this script incorporates enhanced restrictions and sanity checks. These improvements ensure that calls to super constructors are intercepted by the sandbox, including:\r\n\r\n- Ensuring that calls to other constructors via 'this' are now appropriately managed within the sandbox.\r\n- No longer overlooking classes in packages that may be overshadowed by Groovy-defined classes when intercepting super constructor calls.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-plugin/script-security: sandbox bypass via crafted constructor bodies", title: "Vulnerability summary", }, { category: "other", text: "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a process being able to access resources outside an assigned sandbox.\n\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include exploiting specially crafted constructor bodies, utilizing certain groovy classes.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-34144", }, { category: "external", summary: "RHBZ#2278820", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2278820", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-34144", url: "https://www.cve.org/CVERecord?id=CVE-2024-34144", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-34144", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-34144", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/05/02/3", url: "http://www.openwall.com/lists/oss-security/2024/05/02/3", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", url: "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", }, ], release_date: "2024-05-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:47:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3634", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jenkins-plugin/script-security: sandbox bypass via crafted constructor bodies", }, { cve: "CVE-2024-34145", cwe: { id: "CWE-693", name: "Protection Mechanism Failure", }, discovery_date: "2024-05-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2278821", }, ], notes: [ { category: "description", text: "A sandbox bypass vulnerability was found in the Jenkins Script Security Plugin within the sandbox-defined classes, enabling the circumvention of security restrictions. This flaw allows authenticated attackers to define and execute sandboxed scripts, including Pipelines, bypassing sandbox protection mechanisms and executing arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe Script Security Plugin features a sandbox functionality designed to enable users with limited privileges to create scripts, including Pipelines, which are generally safe for execution. This security mechanism intercepts calls within sandboxed scripts, referencing various allowlists to decide whether these calls should be permitted.\r\n\r\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include:\r\n\r\n- Exploiting crafted constructor bodies that trigger other constructors, thereby allowing the construction of any subclassable type through implicit casts.\r\n- Utilizing Groovy classes defined within the sandbox that overshadow certain non-sandboxed classes, facilitating the creation of any subclassable type.\r\n\r\nThese vulnerabilities enable attackers, who have the permission to create and execute sandboxed scripts including Pipelines, to circumvent sandbox protections and execute arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe fixed version of this script incorporates enhanced restrictions and sanity checks. These improvements ensure that calls to super constructors are intercepted by the sandbox, including:\r\n\r\n- Ensuring that calls to other constructors via 'this' are now appropriately managed within the sandbox.\r\n- No longer overlooking classes in packages that may be overshadowed by Groovy-defined classes when intercepting super constructor calls.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-plugin/script-security: sandbox bypass via sandbox-defined classes", title: "Vulnerability summary", }, { category: "other", text: "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a process being able to access resources outside an assigned sandbox.\n\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include exploiting specially crafted constructor bodies, utilizing certain groovy classes.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-34145", }, { category: "external", summary: "RHBZ#2278821", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2278821", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-34145", url: "https://www.cve.org/CVERecord?id=CVE-2024-34145", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-34145", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-34145", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/05/02/3", url: "http://www.openwall.com/lists/oss-security/2024/05/02/3", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", url: "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", }, ], release_date: "2024-05-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:47:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3634", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jenkins-plugin/script-security: sandbox bypass via sandbox-defined classes", }, ], }
rhsa-2024_4597
Vulnerability from csaf_redhat
Published
2024-07-17 18:49
Modified
2025-01-06 19:44
Summary
Red Hat Security Advisory: Red Hat Product OCP Tools 4.15 OpenShift Jenkins security update
Notes
Topic
An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools
4.15. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Jenkins is a continuous integration server that monitors the execution of recurring jobs, such as software builds or cron jobs.
Security Fix(es):
* jenkins-plugin/script-security: Sandbox bypass via sandbox-defined classes (CVE-2024-34145)
* jenkins-plugin/script-security: Sandbox bypass via crafted constructor bodies (CVE-2024-34144)
* jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin (CVE-2024-28149)
* jenkins-2-plugins: git-server plugin arbitrary file read vulnerability (CVE-2024-23899)
* jetty: Stop accepting new connections from valid clients (CVE-2024-22201)
* ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)
* golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON (CVE-2024-24786)
* jenkins-2-plugins: matrix-project plugin path traversal vulnerability (CVE-2024-23900)
* runc: File descriptor leak (CVE-2024-21626, Leaky-Vessels)
* jenkins-2-plugins: git-server plugin arbitrary file read vulnerability (CVE-2024-23899)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools\n4.15. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Jenkins is a continuous integration server that monitors the execution of recurring jobs, such as software builds or cron jobs.\n\nSecurity Fix(es):\n\n* jenkins-plugin/script-security: Sandbox bypass via sandbox-defined classes (CVE-2024-34145)\n\n* jenkins-plugin/script-security: Sandbox bypass via crafted constructor bodies (CVE-2024-34144)\n\n* jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin (CVE-2024-28149)\n\n* jenkins-2-plugins: git-server plugin arbitrary file read vulnerability (CVE-2024-23899)\n\n* jetty: Stop accepting new connections from valid clients (CVE-2024-22201)\n\n* ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)\n\n* golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON (CVE-2024-24786)\n\n* jenkins-2-plugins: matrix-project plugin path traversal vulnerability (CVE-2024-23900)\n\n* runc: File descriptor leak (CVE-2024-21626, Leaky-Vessels)\n\n* jenkins-2-plugins: git-server plugin arbitrary file read vulnerability (CVE-2024-23899)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:4597", url: "https://access.redhat.com/errata/RHSA-2024:4597", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2254210", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", }, { category: "external", summary: "2258725", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2258725", }, { category: "external", summary: "2260183", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2260183", }, { category: "external", summary: "2260184", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2260184", }, { category: "external", summary: "2266136", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2266136", }, { category: "external", summary: "2268046", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268046", }, { category: "external", summary: "2268227", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268227", }, { category: "external", summary: "2278820", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2278820", }, { category: "external", summary: "2278821", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2278821", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4597.json", }, ], title: "Red Hat Security Advisory: Red Hat Product OCP Tools 4.15 OpenShift Jenkins security update", tracking: { current_release_date: "2025-01-06T19:44:40+00:00", generator: { date: "2025-01-06T19:44:40+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.5", }, }, id: "RHSA-2024:4597", initial_release_date: "2024-07-17T18:49:17+00:00", revision_history: [ { date: "2024-07-17T18:49:17+00:00", number: "1", summary: "Initial version", }, { date: "2024-07-17T18:49:17+00:00", number: "2", summary: "Last updated version", }, { date: "2025-01-06T19:44:40+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "OpenShift Developer Tools and Services for OCP 4.15", product: { name: "OpenShift Developer Tools and Services for OCP 4.15", product_id: "8Base-OCP-Tools-4.15", product_identification_helper: { cpe: "cpe:/a:redhat:ocp_tools:4.15::el8", }, }, }, ], category: "product_family", name: "OpenShift Jenkins", }, { branches: [ { category: "product_version", name: "jenkins-0:2.440.3.1718879390-3.el8.src", product: { name: "jenkins-0:2.440.3.1718879390-3.el8.src", product_id: "jenkins-0:2.440.3.1718879390-3.el8.src", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins@2.440.3.1718879390-3.el8?arch=src", }, }, }, { category: "product_version", name: "jenkins-2-plugins-0:4.15.1718879538-1.el8.src", product: { name: "jenkins-2-plugins-0:4.15.1718879538-1.el8.src", product_id: "jenkins-2-plugins-0:4.15.1718879538-1.el8.src", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins-2-plugins@4.15.1718879538-1.el8?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "jenkins-0:2.440.3.1718879390-3.el8.noarch", product: { name: "jenkins-0:2.440.3.1718879390-3.el8.noarch", product_id: "jenkins-0:2.440.3.1718879390-3.el8.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins@2.440.3.1718879390-3.el8?arch=noarch", }, }, }, { category: "product_version", name: "jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", product: { name: "jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", product_id: "jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins-2-plugins@4.15.1718879538-1.el8?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "jenkins-0:2.440.3.1718879390-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.15", product_id: "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", }, product_reference: "jenkins-0:2.440.3.1718879390-3.el8.noarch", relates_to_product_reference: "8Base-OCP-Tools-4.15", }, { category: "default_component_of", full_product_name: { name: "jenkins-0:2.440.3.1718879390-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.15", product_id: "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", }, product_reference: "jenkins-0:2.440.3.1718879390-3.el8.src", relates_to_product_reference: "8Base-OCP-Tools-4.15", }, { category: "default_component_of", full_product_name: { name: "jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.15", product_id: "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", }, product_reference: "jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", relates_to_product_reference: "8Base-OCP-Tools-4.15", }, { category: "default_component_of", full_product_name: { name: "jenkins-2-plugins-0:4.15.1718879538-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.15", product_id: "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", }, product_reference: "jenkins-2-plugins-0:4.15.1718879538-1.el8.src", relates_to_product_reference: "8Base-OCP-Tools-4.15", }, ], }, vulnerabilities: [ { cve: "CVE-2023-48795", cwe: { id: "CWE-222", name: "Truncation of Security-relevant Information", }, discovery_date: "2023-12-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2254210", }, ], notes: [ { category: "description", text: "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", title: "Vulnerability description", }, { category: "summary", text: "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)", title: "Vulnerability summary", }, { category: "other", text: "This CVE is classified as moderate because the attack requires an active Man-in-the-Middle (MITM) who can intercept and modify the connection's traffic at the TCP/IP layer.\n\nAlthough the attack is cryptographically innovative, its security impact is fortunately quite limited. It only allows the deletion of consecutive messages, and deleting most messages at this protocol stage prevents user authentication from proceeding, leading to a stalled connection.\n\nThe most significant identified impact is that it enables a MITM to delete the SSH2_MSG_EXT_INFO message sent before authentication begins. This allows the attacker to disable a subset of keystroke timing obfuscation features. However, there is no other observable impact on session secrecy or session integrity.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-48795", }, { category: "external", summary: "RHBZ#2254210", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-48795", url: "https://www.cve.org/CVERecord?id=CVE-2023-48795", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", }, { category: "external", summary: "https://access.redhat.com/solutions/7071748", url: "https://access.redhat.com/solutions/7071748", }, { category: "external", summary: "https://terrapin-attack.com/", url: "https://terrapin-attack.com/", }, ], release_date: "2023-12-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-07-17T18:49:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4597", }, { category: "workaround", details: "Update to the last version and check that client and server provide kex pseudo-algorithms indicating usage of the updated version of the protocol which is protected from the attack. If \"kex-strict-c-v00@openssh.com\" is provided by clients and \"kex-strict-s-v00@openssh.com\" is in the server's reply, no other steps are necessary.\n\nDisabling ciphers if necessary:\n\nIf \"kex-strict-c-v00@openssh.com\" is not provided by clients or \"kex-strict-s-v00@openssh.com\" is absent in the server's reply, you can disable the following ciphers and HMACs as a workaround on RHEL-8 and RHEL-9:\n\n1. chacha20-poly1305@openssh.com\n2. hmac-sha2-512-etm@openssh.com\n3. hmac-sha2-256-etm@openssh.com\n4. hmac-sha1-etm@openssh.com\n5. hmac-md5-etm@openssh.com\n\nTo do that through crypto-policies, one can apply a subpolicy with the following content:\n```\ncipher@SSH = -CHACHA20-POLY1305\nssh_etm = 0\n```\ne.g., by putting these lines into `/etc/crypto-policies/policies/modules/CVE-2023-48795.pmod`, applying the resulting subpolicy with `update-crypto-policies --set $(update-crypto-policies --show):CVE-2023-48795` and restarting openssh server.\n\nOne can verify that the changes are in effect by ensuring the ciphers listed above are missing from both `/etc/crypto-policies/back-ends/openssh.config` and `/etc/crypto-policies/back-ends/opensshserver.config`.\n\nFor more details on using crypto-policies, please refer to https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening\n\nNote that this procedure does limit the interoperability of the host and is only suggested as a temporary mitigation until the issue is fully resolved with an update.\n\nFor RHEL-7: \nWe can recommend to use strict MACs and Ciphers on RHEL7 in both files /etc/ssh/ssh_config and /etc/ssh/sshd_config.\n\nBelow strict set of Ciphers and MACs can be used as mitigation for RHEL 7.\n\n```\nCiphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\nMACs umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512\n```\n\n- For Openshift Container Platform 4:\nPlease refer the KCS[1] document for verifying the fix in RHCOS.\n\n[1] https://access.redhat.com/solutions/7071748", product_ids: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)", }, { acknowledgments: [ { names: [ "The Snyk Reseacher Team", ], }, ], cve: "CVE-2024-21626", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2024-01-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2258725", }, ], notes: [ { category: "description", text: "A file descriptor leak issue was found in the runc package. While a user performs `O_CLOEXEC` all file descriptors before executing the container code, the file descriptor is open when performing `setcwd(2)`, which means that the reference can be kept alive in the container by configuring the working directory to be a path resolved through the file descriptor. The non-dumpable bit is unset after `execve`, meaning there are multiple ways to attack this other than bad configurations. The only way to defend against it entirely is to close all unneeded file descriptors.", title: "Vulnerability description", }, { category: "summary", text: "runc: file descriptor leak", title: "Vulnerability summary", }, { category: "other", text: "These vulnerabilities not only enable malicious actors to escape containerized environments but also allow for full control over the underlying host system. With the widespread adoption of containerization technologies in both development and production environments, such exploits pose significant risks to data integrity, confidentiality, and system stability.\n\nOpenShift Container Platform ships with SELinux in targeted enforcing mode, which prevents the container processes from accessing host content and mitigates this attack, and disabling SELinux on the Openshift container platform is not supported. Hence, the impact of the Openshift Container Platform is reduced to Moderate.\n\nFor multicluster-engine (MCE) vulnerable versions of buildkit and runc are part of installed version of oc. However, they are not affecting the higher-level assisted-installer binary in MCE. The presence of these dependencies in the container does not imply a security risk to the containerized application itself, as it is based on low-level packages included in the oc binary, and the impact to the container's core functionality is minimal.\n\nThis flaw doesn't affect the OpenShift Tools & Services as the affected code is only used for testing and is not exposed to the final user.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-21626", }, { category: "external", summary: "RHBZ#2258725", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2258725", }, { category: "external", summary: "RHSB-2024-001", url: "https://access.redhat.com/security/vulnerabilities/RHSB-2024-001", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-21626", url: "https://www.cve.org/CVERecord?id=CVE-2024-21626", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-21626", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21626", }, { category: "external", summary: "https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv", url: "https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv", }, ], release_date: "2024-01-31T20:01:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-07-17T18:49:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4597", }, { category: "workaround", details: "Red Hat Enterprise Linux (RHEL) and OpenShift ships with SELinux in targeted enforcing mode, which prevents the container processes from accessing host content and mitigates this attack. Dockerfiles can be inspected on the 'RUN' and 'WORKDIR' directives to ensure that there are no escapes or malicious paths, which are an indication of compromise. Limiting access and only using trusted container images can help prevent unauthorized access and malicious attacks.", product_ids: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "runc: file descriptor leak", }, { cve: "CVE-2024-22201", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-02-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2266136", }, ], notes: [ { category: "description", text: "A flaw was found in Jetty, a Java based web server and servlet engine. If an HTTP/2 connection gets TCP congested, it remains open and idle, and connections may be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients.", title: "Vulnerability description", }, { category: "summary", text: "jetty: stop accepting new connections from valid clients", title: "Vulnerability summary", }, { category: "other", text: "The issue in Jetty where HTTP/2 connections can enter a congested, idle state and potentially exhaust server file descriptors represents a moderate severity due to its impact on system resources and service availability. While the vulnerability requires the deliberate creation of numerous congested connections by an attacker, its exploitation can lead to denial-of-service conditions by consuming all available file descriptors. This scenario could disrupt legitimate client connections and impair server responsiveness.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-22201", }, { category: "external", summary: "RHBZ#2266136", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2266136", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-22201", url: "https://www.cve.org/CVERecord?id=CVE-2024-22201", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-22201", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-22201", }, { category: "external", summary: "https://github.com/jetty/jetty.project/issues/11256", url: "https://github.com/jetty/jetty.project/issues/11256", }, { category: "external", summary: "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98", url: "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98", }, ], release_date: "2024-02-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-07-17T18:49:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4597", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jetty: stop accepting new connections from valid clients", }, { cve: "CVE-2024-23899", cwe: { id: "CWE-88", name: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", }, discovery_date: "2024-01-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2260183", }, ], notes: [ { category: "description", text: "A flaw was found in the Git Server Plugin for Jenkins. This issue could allow an attacker to read the first two lines of arbitrary files on the server's file system.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-2-plugins: git-server plugin arbitrary file read vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-23899", }, { category: "external", summary: "RHBZ#2260183", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2260183", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-23899", url: "https://www.cve.org/CVERecord?id=CVE-2024-23899", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-23899", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-23899", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/01/24/6", url: "http://www.openwall.com/lists/oss-security/2024/01/24/6", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319", url: "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319", }, ], release_date: "2024-01-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-07-17T18:49:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4597", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jenkins-2-plugins: git-server plugin arbitrary file read vulnerability", }, { cve: "CVE-2024-23900", cwe: { id: "CWE-23", name: "Relative Path Traversal", }, discovery_date: "2024-01-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2260184", }, ], notes: [ { category: "description", text: "A flaw was found in The Matrix Project Plugin for Jenkins, which does not sanitize user-defined axis names of multi-configuration projects submitted through the config.xml REST API endpoint. This issue may allow attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system with content not controllable by the attackers.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-2-plugins: matrix-project plugin path traversal vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-23900", }, { category: "external", summary: "RHBZ#2260184", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2260184", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-23900", url: "https://www.cve.org/CVERecord?id=CVE-2024-23900", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-23900", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-23900", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/01/24/6", url: "http://www.openwall.com/lists/oss-security/2024/01/24/6", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3289", url: "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3289", }, ], release_date: "2024-01-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-07-17T18:49:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4597", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", version: "3.1", }, products: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jenkins-2-plugins: matrix-project plugin path traversal vulnerability", }, { cve: "CVE-2024-24786", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, discovery_date: "2024-03-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2268046", }, ], notes: [ { category: "description", text: "A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. This flaw allows an attacker to craft malicious input tailored to trigger the identified flaw in the unmarshal function. By providing carefully constructed invalid inputs, they could potentially cause the function to enter an infinite loop, resulting in a denial of service condition or other unintended behaviors in the affected system.", title: "Vulnerability description", }, { category: "summary", text: "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-24786", }, { category: "external", summary: "RHBZ#2268046", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268046", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-24786", url: "https://www.cve.org/CVERecord?id=CVE-2024-24786", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-24786", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-24786", }, { category: "external", summary: "https://go.dev/cl/569356", url: "https://go.dev/cl/569356", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/", url: "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/", }, { category: "external", summary: "https://pkg.go.dev/vuln/GO-2024-2611", url: "https://pkg.go.dev/vuln/GO-2024-2611", }, ], release_date: "2024-03-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-07-17T18:49:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4597", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON", }, { cve: "CVE-2024-28149", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2024-03-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2268227", }, ], notes: [ { category: "description", text: "A flaw was found in jenkins-2-plugins. In the HTML Publisher Plugin 1.16 through 1.32, fallback for reports created in HTML Publisher Plugin 1.15 and earlier does not properly sanitize input. This can allow attackers with Item/Configure permissions to implement stored cross-site scripting (XSS) attacks and determine whether a path on the Jenkins controller file system exists, without being able to access it.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin", title: "Vulnerability summary", }, { category: "other", text: "HTML Publisher Plugin 1.32.1 removes support for reports created before HTML Publisher Plugin 1.15. Those reports are retained on the disk, but may no longer be accessible through the Jenkins UI.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-28149", }, { category: "external", summary: "RHBZ#2268227", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268227", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-28149", url: "https://www.cve.org/CVERecord?id=CVE-2024-28149", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-28149", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-28149", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3301", url: "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3301", }, ], release_date: "2024-03-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-07-17T18:49:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4597", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin", }, { cve: "CVE-2024-34144", cwe: { id: "CWE-693", name: "Protection Mechanism Failure", }, discovery_date: "2024-05-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2278820", }, ], notes: [ { category: "description", text: "A sandbox bypass vulnerability was found in the Jenkins Script Security Plugin involving crafted constructor bodies, enabling the circumvention of security restrictions. With crafted constructor bodies, this flaw allows authenticated attackers to define and execute sandboxed scripts, including Pipelines, bypassing sandbox protection mechanisms and executing arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe Script Security Plugin features a sandbox functionality designed to enable users with limited privileges to create scripts, including Pipelines, which are generally safe for execution. This security mechanism intercepts calls within sandboxed scripts, referencing various allowlists to decide whether these calls should be permitted.\r\n\r\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include:\r\n\r\n- Exploiting crafted constructor bodies that trigger other constructors, thereby allowing the construction of any subclassable type through implicit casts.\r\n- Utilizing Groovy classes defined within the sandbox that overshadow certain non-sandboxed classes, facilitating the creation of any subclassable type.\r\n\r\nThese vulnerabilities enable attackers, who have the permission to create and execute sandboxed scripts including Pipelines, to circumvent sandbox protections and execute arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe fixed version of this script incorporates enhanced restrictions and sanity checks. These improvements ensure that calls to super constructors are intercepted by the sandbox, including:\r\n\r\n- Ensuring that calls to other constructors via 'this' are now appropriately managed within the sandbox.\r\n- No longer overlooking classes in packages that may be overshadowed by Groovy-defined classes when intercepting super constructor calls.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-plugin/script-security: sandbox bypass via crafted constructor bodies", title: "Vulnerability summary", }, { category: "other", text: "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a process being able to access resources outside an assigned sandbox.\n\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include exploiting specially crafted constructor bodies, utilizing certain groovy classes.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-34144", }, { category: "external", summary: "RHBZ#2278820", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2278820", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-34144", url: "https://www.cve.org/CVERecord?id=CVE-2024-34144", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-34144", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-34144", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/05/02/3", url: "http://www.openwall.com/lists/oss-security/2024/05/02/3", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", url: "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", }, ], release_date: "2024-05-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-07-17T18:49:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4597", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jenkins-plugin/script-security: sandbox bypass via crafted constructor bodies", }, { cve: "CVE-2024-34145", cwe: { id: "CWE-693", name: "Protection Mechanism Failure", }, discovery_date: "2024-05-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2278821", }, ], notes: [ { category: "description", text: "A sandbox bypass vulnerability was found in the Jenkins Script Security Plugin within the sandbox-defined classes, enabling the circumvention of security restrictions. This flaw allows authenticated attackers to define and execute sandboxed scripts, including Pipelines, bypassing sandbox protection mechanisms and executing arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe Script Security Plugin features a sandbox functionality designed to enable users with limited privileges to create scripts, including Pipelines, which are generally safe for execution. This security mechanism intercepts calls within sandboxed scripts, referencing various allowlists to decide whether these calls should be permitted.\r\n\r\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include:\r\n\r\n- Exploiting crafted constructor bodies that trigger other constructors, thereby allowing the construction of any subclassable type through implicit casts.\r\n- Utilizing Groovy classes defined within the sandbox that overshadow certain non-sandboxed classes, facilitating the creation of any subclassable type.\r\n\r\nThese vulnerabilities enable attackers, who have the permission to create and execute sandboxed scripts including Pipelines, to circumvent sandbox protections and execute arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe fixed version of this script incorporates enhanced restrictions and sanity checks. These improvements ensure that calls to super constructors are intercepted by the sandbox, including:\r\n\r\n- Ensuring that calls to other constructors via 'this' are now appropriately managed within the sandbox.\r\n- No longer overlooking classes in packages that may be overshadowed by Groovy-defined classes when intercepting super constructor calls.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-plugin/script-security: sandbox bypass via sandbox-defined classes", title: "Vulnerability summary", }, { category: "other", text: "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a process being able to access resources outside an assigned sandbox.\n\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include exploiting specially crafted constructor bodies, utilizing certain groovy classes.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-34145", }, { category: "external", summary: "RHBZ#2278821", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2278821", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-34145", url: "https://www.cve.org/CVERecord?id=CVE-2024-34145", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-34145", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-34145", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/05/02/3", url: "http://www.openwall.com/lists/oss-security/2024/05/02/3", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", url: "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", }, ], release_date: "2024-05-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-07-17T18:49:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4597", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jenkins-plugin/script-security: sandbox bypass via sandbox-defined classes", }, ], }
rhsa-2024:4597
Vulnerability from csaf_redhat
Published
2024-07-17 18:49
Modified
2025-03-14 10:19
Summary
Red Hat Security Advisory: Red Hat Product OCP Tools 4.15 OpenShift Jenkins security update
Notes
Topic
An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools
4.15. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Jenkins is a continuous integration server that monitors the execution of recurring jobs, such as software builds or cron jobs.
Security Fix(es):
* jenkins-plugin/script-security: Sandbox bypass via sandbox-defined classes (CVE-2024-34145)
* jenkins-plugin/script-security: Sandbox bypass via crafted constructor bodies (CVE-2024-34144)
* jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin (CVE-2024-28149)
* jenkins-2-plugins: git-server plugin arbitrary file read vulnerability (CVE-2024-23899)
* jetty: Stop accepting new connections from valid clients (CVE-2024-22201)
* ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)
* golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON (CVE-2024-24786)
* jenkins-2-plugins: matrix-project plugin path traversal vulnerability (CVE-2024-23900)
* runc: File descriptor leak (CVE-2024-21626, Leaky-Vessels)
* jenkins-2-plugins: git-server plugin arbitrary file read vulnerability (CVE-2024-23899)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools\n4.15. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Jenkins is a continuous integration server that monitors the execution of recurring jobs, such as software builds or cron jobs.\n\nSecurity Fix(es):\n\n* jenkins-plugin/script-security: Sandbox bypass via sandbox-defined classes (CVE-2024-34145)\n\n* jenkins-plugin/script-security: Sandbox bypass via crafted constructor bodies (CVE-2024-34144)\n\n* jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin (CVE-2024-28149)\n\n* jenkins-2-plugins: git-server plugin arbitrary file read vulnerability (CVE-2024-23899)\n\n* jetty: Stop accepting new connections from valid clients (CVE-2024-22201)\n\n* ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)\n\n* golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON (CVE-2024-24786)\n\n* jenkins-2-plugins: matrix-project plugin path traversal vulnerability (CVE-2024-23900)\n\n* runc: File descriptor leak (CVE-2024-21626, Leaky-Vessels)\n\n* jenkins-2-plugins: git-server plugin arbitrary file read vulnerability (CVE-2024-23899)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:4597", url: "https://access.redhat.com/errata/RHSA-2024:4597", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2254210", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", }, { category: "external", summary: "2258725", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2258725", }, { category: "external", summary: "2260183", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2260183", }, { category: "external", summary: "2260184", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2260184", }, { category: "external", summary: "2266136", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2266136", }, { category: "external", summary: "2268046", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268046", }, { category: "external", summary: "2268227", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268227", }, { category: "external", summary: "2278820", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2278820", }, { category: "external", summary: "2278821", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2278821", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4597.json", }, ], title: "Red Hat Security Advisory: Red Hat Product OCP Tools 4.15 OpenShift Jenkins security update", tracking: { current_release_date: "2025-03-14T10:19:07+00:00", generator: { date: "2025-03-14T10:19:07+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2024:4597", initial_release_date: "2024-07-17T18:49:17+00:00", revision_history: [ { date: "2024-07-17T18:49:17+00:00", number: "1", summary: "Initial version", }, { date: "2024-07-17T18:49:17+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-14T10:19:07+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "OpenShift Developer Tools and Services for OCP 4.15", product: { name: "OpenShift Developer Tools and Services for OCP 4.15", product_id: "8Base-OCP-Tools-4.15", product_identification_helper: { cpe: "cpe:/a:redhat:ocp_tools:4.15::el8", }, }, }, ], category: "product_family", name: "OpenShift Jenkins", }, { branches: [ { category: "product_version", name: "jenkins-0:2.440.3.1718879390-3.el8.src", product: { name: "jenkins-0:2.440.3.1718879390-3.el8.src", product_id: "jenkins-0:2.440.3.1718879390-3.el8.src", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins@2.440.3.1718879390-3.el8?arch=src", }, }, }, { category: "product_version", name: "jenkins-2-plugins-0:4.15.1718879538-1.el8.src", product: { name: "jenkins-2-plugins-0:4.15.1718879538-1.el8.src", product_id: "jenkins-2-plugins-0:4.15.1718879538-1.el8.src", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins-2-plugins@4.15.1718879538-1.el8?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "jenkins-0:2.440.3.1718879390-3.el8.noarch", product: { name: "jenkins-0:2.440.3.1718879390-3.el8.noarch", product_id: "jenkins-0:2.440.3.1718879390-3.el8.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins@2.440.3.1718879390-3.el8?arch=noarch", }, }, }, { category: "product_version", name: "jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", product: { name: "jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", product_id: "jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins-2-plugins@4.15.1718879538-1.el8?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "jenkins-0:2.440.3.1718879390-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.15", product_id: "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", }, product_reference: "jenkins-0:2.440.3.1718879390-3.el8.noarch", relates_to_product_reference: "8Base-OCP-Tools-4.15", }, { category: "default_component_of", full_product_name: { name: "jenkins-0:2.440.3.1718879390-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.15", product_id: "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", }, product_reference: "jenkins-0:2.440.3.1718879390-3.el8.src", relates_to_product_reference: "8Base-OCP-Tools-4.15", }, { category: "default_component_of", full_product_name: { name: "jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.15", product_id: "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", }, product_reference: "jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", relates_to_product_reference: "8Base-OCP-Tools-4.15", }, { category: "default_component_of", full_product_name: { name: "jenkins-2-plugins-0:4.15.1718879538-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.15", product_id: "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", }, product_reference: "jenkins-2-plugins-0:4.15.1718879538-1.el8.src", relates_to_product_reference: "8Base-OCP-Tools-4.15", }, ], }, vulnerabilities: [ { cve: "CVE-2023-48795", cwe: { id: "CWE-222", name: "Truncation of Security-relevant Information", }, discovery_date: "2023-12-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2254210", }, ], notes: [ { category: "description", text: "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", title: "Vulnerability description", }, { category: "summary", text: "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)", title: "Vulnerability summary", }, { category: "other", text: "This CVE is classified as moderate because the attack requires an active Man-in-the-Middle (MITM) who can intercept and modify the connection's traffic at the TCP/IP layer.\n\nAlthough the attack is cryptographically innovative, its security impact is fortunately quite limited. It only allows the deletion of consecutive messages, and deleting most messages at this protocol stage prevents user authentication from proceeding, leading to a stalled connection.\n\nThe most significant identified impact is that it enables a MITM to delete the SSH2_MSG_EXT_INFO message sent before authentication begins. This allows the attacker to disable a subset of keystroke timing obfuscation features. However, there is no other observable impact on session secrecy or session integrity.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-48795", }, { category: "external", summary: "RHBZ#2254210", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-48795", url: "https://www.cve.org/CVERecord?id=CVE-2023-48795", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", }, { category: "external", summary: "https://access.redhat.com/solutions/7071748", url: "https://access.redhat.com/solutions/7071748", }, { category: "external", summary: "https://terrapin-attack.com/", url: "https://terrapin-attack.com/", }, ], release_date: "2023-12-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-07-17T18:49:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4597", }, { category: "workaround", details: "Update to the last version and check that client and server provide kex pseudo-algorithms indicating usage of the updated version of the protocol which is protected from the attack. If \"kex-strict-c-v00@openssh.com\" is provided by clients and \"kex-strict-s-v00@openssh.com\" is in the server's reply, no other steps are necessary.\n\nDisabling ciphers if necessary:\n\nIf \"kex-strict-c-v00@openssh.com\" is not provided by clients or \"kex-strict-s-v00@openssh.com\" is absent in the server's reply, you can disable the following ciphers and HMACs as a workaround on RHEL-8 and RHEL-9:\n\n1. chacha20-poly1305@openssh.com\n2. hmac-sha2-512-etm@openssh.com\n3. hmac-sha2-256-etm@openssh.com\n4. hmac-sha1-etm@openssh.com\n5. hmac-md5-etm@openssh.com\n\nTo do that through crypto-policies, one can apply a subpolicy with the following content:\n```\ncipher@SSH = -CHACHA20-POLY1305\nssh_etm = 0\n```\ne.g., by putting these lines into `/etc/crypto-policies/policies/modules/CVE-2023-48795.pmod`, applying the resulting subpolicy with `update-crypto-policies --set $(update-crypto-policies --show):CVE-2023-48795` and restarting openssh server.\n\nOne can verify that the changes are in effect by ensuring the ciphers listed above are missing from both `/etc/crypto-policies/back-ends/openssh.config` and `/etc/crypto-policies/back-ends/opensshserver.config`.\n\nFor more details on using crypto-policies, please refer to https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening\n\nNote that this procedure does limit the interoperability of the host and is only suggested as a temporary mitigation until the issue is fully resolved with an update.\n\nFor RHEL-7: \nWe can recommend to use strict MACs and Ciphers on RHEL7 in both files /etc/ssh/ssh_config and /etc/ssh/sshd_config.\n\nBelow strict set of Ciphers and MACs can be used as mitigation for RHEL 7.\n\n```\nCiphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\nMACs umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512\n```\n\n- For Openshift Container Platform 4:\nPlease refer the KCS[1] document for verifying the fix in RHCOS.\n\n[1] https://access.redhat.com/solutions/7071748", product_ids: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)", }, { acknowledgments: [ { names: [ "The Snyk Reseacher Team", ], }, ], cve: "CVE-2024-21626", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2024-01-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2258725", }, ], notes: [ { category: "description", text: "A file descriptor leak issue was found in the runc package. While a user performs `O_CLOEXEC` all file descriptors before executing the container code, the file descriptor is open when performing `setcwd(2)`, which means that the reference can be kept alive in the container by configuring the working directory to be a path resolved through the file descriptor. The non-dumpable bit is unset after `execve`, meaning there are multiple ways to attack this other than bad configurations. The only way to defend against it entirely is to close all unneeded file descriptors.", title: "Vulnerability description", }, { category: "summary", text: "runc: file descriptor leak", title: "Vulnerability summary", }, { category: "other", text: "These vulnerabilities not only enable malicious actors to escape containerized environments but also allow for full control over the underlying host system. With the widespread adoption of containerization technologies in both development and production environments, such exploits pose significant risks to data integrity, confidentiality, and system stability.\n\nOpenShift Container Platform ships with SELinux in targeted enforcing mode, which prevents the container processes from accessing host content and mitigates this attack, and disabling SELinux on the Openshift container platform is not supported. Hence, the impact of the Openshift Container Platform is reduced to Moderate.\n\nFor multicluster-engine (MCE) vulnerable versions of buildkit and runc are part of installed version of oc. However, they are not affecting the higher-level assisted-installer binary in MCE. The presence of these dependencies in the container does not imply a security risk to the containerized application itself, as it is based on low-level packages included in the oc binary, and the impact to the container's core functionality is minimal.\n\nThis flaw doesn't affect the OpenShift Tools & Services as the affected code is only used for testing and is not exposed to the final user.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-21626", }, { category: "external", summary: "RHBZ#2258725", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2258725", }, { category: "external", summary: "RHSB-2024-001", url: "https://access.redhat.com/security/vulnerabilities/RHSB-2024-001", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-21626", url: "https://www.cve.org/CVERecord?id=CVE-2024-21626", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-21626", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21626", }, { category: "external", summary: "https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv", url: "https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv", }, ], release_date: "2024-01-31T20:01:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-07-17T18:49:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4597", }, { category: "workaround", details: "Red Hat Enterprise Linux (RHEL) and OpenShift ships with SELinux in targeted enforcing mode, which prevents the container processes from accessing host content and mitigates this attack. Dockerfiles can be inspected on the 'RUN' and 'WORKDIR' directives to ensure that there are no escapes or malicious paths, which are an indication of compromise. Limiting access and only using trusted container images can help prevent unauthorized access and malicious attacks.", product_ids: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "runc: file descriptor leak", }, { cve: "CVE-2024-22201", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-02-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2266136", }, ], notes: [ { category: "description", text: "A flaw was found in Jetty, a Java based web server and servlet engine. If an HTTP/2 connection gets TCP congested, it remains open and idle, and connections may be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients.", title: "Vulnerability description", }, { category: "summary", text: "jetty: stop accepting new connections from valid clients", title: "Vulnerability summary", }, { category: "other", text: "The issue in Jetty where HTTP/2 connections can enter a congested, idle state and potentially exhaust server file descriptors represents a moderate severity due to its impact on system resources and service availability. While the vulnerability requires the deliberate creation of numerous congested connections by an attacker, its exploitation can lead to denial-of-service conditions by consuming all available file descriptors. This scenario could disrupt legitimate client connections and impair server responsiveness.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-22201", }, { category: "external", summary: "RHBZ#2266136", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2266136", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-22201", url: "https://www.cve.org/CVERecord?id=CVE-2024-22201", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-22201", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-22201", }, { category: "external", summary: "https://github.com/jetty/jetty.project/issues/11256", url: "https://github.com/jetty/jetty.project/issues/11256", }, { category: "external", summary: "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98", url: "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98", }, ], release_date: "2024-02-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-07-17T18:49:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4597", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jetty: stop accepting new connections from valid clients", }, { cve: "CVE-2024-23899", cwe: { id: "CWE-88", name: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", }, discovery_date: "2024-01-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2260183", }, ], notes: [ { category: "description", text: "A flaw was found in the Git Server Plugin for Jenkins. This issue could allow an attacker to read the first two lines of arbitrary files on the server's file system.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-2-plugins: git-server plugin arbitrary file read vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-23899", }, { category: "external", summary: "RHBZ#2260183", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2260183", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-23899", url: "https://www.cve.org/CVERecord?id=CVE-2024-23899", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-23899", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-23899", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/01/24/6", url: "http://www.openwall.com/lists/oss-security/2024/01/24/6", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319", url: "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319", }, ], release_date: "2024-01-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-07-17T18:49:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4597", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jenkins-2-plugins: git-server plugin arbitrary file read vulnerability", }, { cve: "CVE-2024-23900", cwe: { id: "CWE-23", name: "Relative Path Traversal", }, discovery_date: "2024-01-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2260184", }, ], notes: [ { category: "description", text: "A flaw was found in The Matrix Project Plugin for Jenkins, which does not sanitize user-defined axis names of multi-configuration projects submitted through the config.xml REST API endpoint. This issue may allow attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system with content not controllable by the attackers.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-2-plugins: matrix-project plugin path traversal vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-23900", }, { category: "external", summary: "RHBZ#2260184", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2260184", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-23900", url: "https://www.cve.org/CVERecord?id=CVE-2024-23900", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-23900", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-23900", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/01/24/6", url: "http://www.openwall.com/lists/oss-security/2024/01/24/6", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3289", url: "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3289", }, ], release_date: "2024-01-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-07-17T18:49:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4597", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", version: "3.1", }, products: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jenkins-2-plugins: matrix-project plugin path traversal vulnerability", }, { cve: "CVE-2024-24786", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, discovery_date: "2024-03-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2268046", }, ], notes: [ { category: "description", text: "A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. This flaw allows an attacker to craft malicious input tailored to trigger the identified flaw in the unmarshal function. By providing carefully constructed invalid inputs, they could potentially cause the function to enter an infinite loop, resulting in a denial of service condition or other unintended behaviors in the affected system.", title: "Vulnerability description", }, { category: "summary", text: "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-24786", }, { category: "external", summary: "RHBZ#2268046", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268046", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-24786", url: "https://www.cve.org/CVERecord?id=CVE-2024-24786", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-24786", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-24786", }, { category: "external", summary: "https://go.dev/cl/569356", url: "https://go.dev/cl/569356", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/", url: "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/", }, { category: "external", summary: "https://pkg.go.dev/vuln/GO-2024-2611", url: "https://pkg.go.dev/vuln/GO-2024-2611", }, ], release_date: "2024-03-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-07-17T18:49:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4597", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON", }, { cve: "CVE-2024-28149", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2024-03-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2268227", }, ], notes: [ { category: "description", text: "A flaw was found in jenkins-2-plugins. In the HTML Publisher Plugin 1.16 through 1.32, fallback for reports created in HTML Publisher Plugin 1.15 and earlier does not properly sanitize input. This can allow attackers with Item/Configure permissions to implement stored cross-site scripting (XSS) attacks and determine whether a path on the Jenkins controller file system exists, without being able to access it.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin", title: "Vulnerability summary", }, { category: "other", text: "HTML Publisher Plugin 1.32.1 removes support for reports created before HTML Publisher Plugin 1.15. Those reports are retained on the disk, but may no longer be accessible through the Jenkins UI.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-28149", }, { category: "external", summary: "RHBZ#2268227", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268227", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-28149", url: "https://www.cve.org/CVERecord?id=CVE-2024-28149", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-28149", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-28149", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3301", url: "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3301", }, ], release_date: "2024-03-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-07-17T18:49:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4597", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin", }, { cve: "CVE-2024-34144", cwe: { id: "CWE-693", name: "Protection Mechanism Failure", }, discovery_date: "2024-05-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2278820", }, ], notes: [ { category: "description", text: "A sandbox bypass vulnerability was found in the Jenkins Script Security Plugin involving crafted constructor bodies, enabling the circumvention of security restrictions. With crafted constructor bodies, this flaw allows authenticated attackers to define and execute sandboxed scripts, including Pipelines, bypassing sandbox protection mechanisms and executing arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe Script Security Plugin features a sandbox functionality designed to enable users with limited privileges to create scripts, including Pipelines, which are generally safe for execution. This security mechanism intercepts calls within sandboxed scripts, referencing various allowlists to decide whether these calls should be permitted.\r\n\r\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include:\r\n\r\n- Exploiting crafted constructor bodies that trigger other constructors, thereby allowing the construction of any subclassable type through implicit casts.\r\n- Utilizing Groovy classes defined within the sandbox that overshadow certain non-sandboxed classes, facilitating the creation of any subclassable type.\r\n\r\nThese vulnerabilities enable attackers, who have the permission to create and execute sandboxed scripts including Pipelines, to circumvent sandbox protections and execute arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe fixed version of this script incorporates enhanced restrictions and sanity checks. These improvements ensure that calls to super constructors are intercepted by the sandbox, including:\r\n\r\n- Ensuring that calls to other constructors via 'this' are now appropriately managed within the sandbox.\r\n- No longer overlooking classes in packages that may be overshadowed by Groovy-defined classes when intercepting super constructor calls.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-plugin/script-security: sandbox bypass via crafted constructor bodies", title: "Vulnerability summary", }, { category: "other", text: "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a process being able to access resources outside an assigned sandbox.\n\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include exploiting specially crafted constructor bodies, utilizing certain groovy classes.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-34144", }, { category: "external", summary: "RHBZ#2278820", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2278820", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-34144", url: "https://www.cve.org/CVERecord?id=CVE-2024-34144", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-34144", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-34144", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/05/02/3", url: "http://www.openwall.com/lists/oss-security/2024/05/02/3", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", url: "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", }, ], release_date: "2024-05-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-07-17T18:49:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4597", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jenkins-plugin/script-security: sandbox bypass via crafted constructor bodies", }, { cve: "CVE-2024-34145", cwe: { id: "CWE-693", name: "Protection Mechanism Failure", }, discovery_date: "2024-05-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2278821", }, ], notes: [ { category: "description", text: "A sandbox bypass vulnerability was found in the Jenkins Script Security Plugin within the sandbox-defined classes, enabling the circumvention of security restrictions. This flaw allows authenticated attackers to define and execute sandboxed scripts, including Pipelines, bypassing sandbox protection mechanisms and executing arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe Script Security Plugin features a sandbox functionality designed to enable users with limited privileges to create scripts, including Pipelines, which are generally safe for execution. This security mechanism intercepts calls within sandboxed scripts, referencing various allowlists to decide whether these calls should be permitted.\r\n\r\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include:\r\n\r\n- Exploiting crafted constructor bodies that trigger other constructors, thereby allowing the construction of any subclassable type through implicit casts.\r\n- Utilizing Groovy classes defined within the sandbox that overshadow certain non-sandboxed classes, facilitating the creation of any subclassable type.\r\n\r\nThese vulnerabilities enable attackers, who have the permission to create and execute sandboxed scripts including Pipelines, to circumvent sandbox protections and execute arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe fixed version of this script incorporates enhanced restrictions and sanity checks. These improvements ensure that calls to super constructors are intercepted by the sandbox, including:\r\n\r\n- Ensuring that calls to other constructors via 'this' are now appropriately managed within the sandbox.\r\n- No longer overlooking classes in packages that may be overshadowed by Groovy-defined classes when intercepting super constructor calls.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-plugin/script-security: sandbox bypass via sandbox-defined classes", title: "Vulnerability summary", }, { category: "other", text: "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a process being able to access resources outside an assigned sandbox.\n\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include exploiting specially crafted constructor bodies, utilizing certain groovy classes.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-34145", }, { category: "external", summary: "RHBZ#2278821", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2278821", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-34145", url: "https://www.cve.org/CVERecord?id=CVE-2024-34145", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-34145", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-34145", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/05/02/3", url: "http://www.openwall.com/lists/oss-security/2024/05/02/3", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", url: "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", }, ], release_date: "2024-05-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-07-17T18:49:17+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4597", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jenkins-plugin/script-security: sandbox bypass via sandbox-defined classes", }, ], }
rhsa-2024_3634
Vulnerability from csaf_redhat
Published
2024-06-05 14:47
Modified
2025-01-06 19:42
Summary
Red Hat Security Advisory: Red Hat Product OCP Tools 4.14 OpenShift Jenkins security update
Notes
Topic
An update for Openshift Jenkins is now available for Red Hat Product OCP Tools 4.14. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Jenkins is a continuous integration server that monitors the execution of
recurring jobs, such as software builds or cron jobs.
Security fixes:
* jenkins-2-plugins: Git-server plugin has an arbitrary file read
vulnerability (CVE-2024-23899)
* jenkins-plugin/script-security: Sandbox bypass occurs via crafted
constructor bodies (CVE-2024-34144)
* jenkins-plugin/script-security: Sandbox bypass occurs via sandbox-defined
classes (CVE-2024-34145)
* jenkins-2-plugins: HTML Publisher plugin has improper input sanitization
(CVE-2024-28149)
* jetty: Stops accepting new connections from valid clients
(CVE-2024-22201)
* SSH: Prefix truncation attack on Binary Packet Protocol (BPP)
(CVE-2023-48795)
* golang-protobuf: Unmarshaling certain forms of invalid JSON in the
protojson.Unmarshal function causes an infinite loop in the
encoding/protojson and internal/encoding/json packages of Golang-protobuf
(CVE-2024-24786)
* jenkins-2-plugins: Matrix-project plugin has a path traversal
vulnerability (CVE-2024-23900)
For more details about these security issues, including their impact, CVSS
scores, acknowledgments, and other related information, refer to the CVE
page listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for Openshift Jenkins is now available for Red Hat Product OCP Tools 4.14. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Jenkins is a continuous integration server that monitors the execution of\nrecurring jobs, such as software builds or cron jobs.\n\nSecurity fixes:\n\n* jenkins-2-plugins: Git-server plugin has an arbitrary file read\nvulnerability (CVE-2024-23899)\n\n* jenkins-plugin/script-security: Sandbox bypass occurs via crafted\nconstructor bodies (CVE-2024-34144)\n\n* jenkins-plugin/script-security: Sandbox bypass occurs via sandbox-defined\nclasses (CVE-2024-34145)\n\n* jenkins-2-plugins: HTML Publisher plugin has improper input sanitization\n(CVE-2024-28149)\n\n* jetty: Stops accepting new connections from valid clients\n(CVE-2024-22201)\n\n* SSH: Prefix truncation attack on Binary Packet Protocol (BPP)\n(CVE-2023-48795)\n\n* golang-protobuf: Unmarshaling certain forms of invalid JSON in the\nprotojson.Unmarshal function causes an infinite loop in the\nencoding/protojson and internal/encoding/json packages of Golang-protobuf\n(CVE-2024-24786)\n\n* jenkins-2-plugins: Matrix-project plugin has a path traversal\nvulnerability (CVE-2024-23900)\n\nFor more details about these security issues, including their impact, CVSS\nscores, acknowledgments, and other related information, refer to the CVE\npage listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:3634", url: "https://access.redhat.com/errata/RHSA-2024:3634", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2254210", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", }, { category: "external", summary: "2260183", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2260183", }, { category: "external", summary: "2260184", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2260184", }, { category: "external", summary: "2266136", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2266136", }, { category: "external", summary: "2268046", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268046", }, { category: "external", summary: "2268227", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268227", }, { category: "external", summary: "2278820", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2278820", }, { category: "external", summary: "2278821", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2278821", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3634.json", }, ], title: "Red Hat Security Advisory: Red Hat Product OCP Tools 4.14 OpenShift Jenkins security update", tracking: { current_release_date: "2025-01-06T19:42:05+00:00", generator: { date: "2025-01-06T19:42:05+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.5", }, }, id: "RHSA-2024:3634", initial_release_date: "2024-06-05T14:47:02+00:00", revision_history: [ { date: "2024-06-05T14:47:02+00:00", number: "1", summary: "Initial version", }, { date: "2024-06-05T14:47:02+00:00", number: "2", summary: "Last updated version", }, { date: "2025-01-06T19:42:05+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "OpenShift Developer Tools and Services for OCP 4.14", product: { name: "OpenShift Developer Tools and Services for OCP 4.14", product_id: "8Base-OCP-Tools-4.14", product_identification_helper: { cpe: "cpe:/a:redhat:ocp_tools:4.14::el8", }, }, }, ], category: "product_family", name: "OpenShift Jenkins", }, { branches: [ { category: "product_version", name: "jenkins-0:2.440.3.1716387933-3.el8.src", product: { name: "jenkins-0:2.440.3.1716387933-3.el8.src", product_id: "jenkins-0:2.440.3.1716387933-3.el8.src", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins@2.440.3.1716387933-3.el8?arch=src", }, }, }, { category: "product_version", name: "jenkins-2-plugins-0:4.14.1716388016-1.el8.src", product: { name: "jenkins-2-plugins-0:4.14.1716388016-1.el8.src", product_id: "jenkins-2-plugins-0:4.14.1716388016-1.el8.src", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins-2-plugins@4.14.1716388016-1.el8?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "jenkins-0:2.440.3.1716387933-3.el8.noarch", product: { name: "jenkins-0:2.440.3.1716387933-3.el8.noarch", product_id: "jenkins-0:2.440.3.1716387933-3.el8.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins@2.440.3.1716387933-3.el8?arch=noarch", }, }, }, { category: "product_version", name: "jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", product: { name: "jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", product_id: "jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins-2-plugins@4.14.1716388016-1.el8?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "jenkins-0:2.440.3.1716387933-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.14", product_id: "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", }, product_reference: "jenkins-0:2.440.3.1716387933-3.el8.noarch", relates_to_product_reference: "8Base-OCP-Tools-4.14", }, { category: "default_component_of", full_product_name: { name: "jenkins-0:2.440.3.1716387933-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.14", product_id: "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", }, product_reference: "jenkins-0:2.440.3.1716387933-3.el8.src", relates_to_product_reference: "8Base-OCP-Tools-4.14", }, { category: "default_component_of", full_product_name: { name: "jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.14", product_id: "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", }, product_reference: "jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", relates_to_product_reference: "8Base-OCP-Tools-4.14", }, { category: "default_component_of", full_product_name: { name: "jenkins-2-plugins-0:4.14.1716388016-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.14", product_id: "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", }, product_reference: "jenkins-2-plugins-0:4.14.1716388016-1.el8.src", relates_to_product_reference: "8Base-OCP-Tools-4.14", }, ], }, vulnerabilities: [ { cve: "CVE-2023-48795", cwe: { id: "CWE-222", name: "Truncation of Security-relevant Information", }, discovery_date: "2023-12-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2254210", }, ], notes: [ { category: "description", text: "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", title: "Vulnerability description", }, { category: "summary", text: "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)", title: "Vulnerability summary", }, { category: "other", text: "This CVE is classified as moderate because the attack requires an active Man-in-the-Middle (MITM) who can intercept and modify the connection's traffic at the TCP/IP layer.\n\nAlthough the attack is cryptographically innovative, its security impact is fortunately quite limited. It only allows the deletion of consecutive messages, and deleting most messages at this protocol stage prevents user authentication from proceeding, leading to a stalled connection.\n\nThe most significant identified impact is that it enables a MITM to delete the SSH2_MSG_EXT_INFO message sent before authentication begins. This allows the attacker to disable a subset of keystroke timing obfuscation features. However, there is no other observable impact on session secrecy or session integrity.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-48795", }, { category: "external", summary: "RHBZ#2254210", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-48795", url: "https://www.cve.org/CVERecord?id=CVE-2023-48795", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", }, { category: "external", summary: "https://access.redhat.com/solutions/7071748", url: "https://access.redhat.com/solutions/7071748", }, { category: "external", summary: "https://terrapin-attack.com/", url: "https://terrapin-attack.com/", }, ], release_date: "2023-12-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:47:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3634", }, { category: "workaround", details: "Update to the last version and check that client and server provide kex pseudo-algorithms indicating usage of the updated version of the protocol which is protected from the attack. If \"kex-strict-c-v00@openssh.com\" is provided by clients and \"kex-strict-s-v00@openssh.com\" is in the server's reply, no other steps are necessary.\n\nDisabling ciphers if necessary:\n\nIf \"kex-strict-c-v00@openssh.com\" is not provided by clients or \"kex-strict-s-v00@openssh.com\" is absent in the server's reply, you can disable the following ciphers and HMACs as a workaround on RHEL-8 and RHEL-9:\n\n1. chacha20-poly1305@openssh.com\n2. hmac-sha2-512-etm@openssh.com\n3. hmac-sha2-256-etm@openssh.com\n4. hmac-sha1-etm@openssh.com\n5. hmac-md5-etm@openssh.com\n\nTo do that through crypto-policies, one can apply a subpolicy with the following content:\n```\ncipher@SSH = -CHACHA20-POLY1305\nssh_etm = 0\n```\ne.g., by putting these lines into `/etc/crypto-policies/policies/modules/CVE-2023-48795.pmod`, applying the resulting subpolicy with `update-crypto-policies --set $(update-crypto-policies --show):CVE-2023-48795` and restarting openssh server.\n\nOne can verify that the changes are in effect by ensuring the ciphers listed above are missing from both `/etc/crypto-policies/back-ends/openssh.config` and `/etc/crypto-policies/back-ends/opensshserver.config`.\n\nFor more details on using crypto-policies, please refer to https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening\n\nNote that this procedure does limit the interoperability of the host and is only suggested as a temporary mitigation until the issue is fully resolved with an update.\n\nFor RHEL-7: \nWe can recommend to use strict MACs and Ciphers on RHEL7 in both files /etc/ssh/ssh_config and /etc/ssh/sshd_config.\n\nBelow strict set of Ciphers and MACs can be used as mitigation for RHEL 7.\n\n```\nCiphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\nMACs umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512\n```\n\n- For Openshift Container Platform 4:\nPlease refer the KCS[1] document for verifying the fix in RHCOS.\n\n[1] https://access.redhat.com/solutions/7071748", product_ids: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)", }, { cve: "CVE-2024-22201", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-02-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2266136", }, ], notes: [ { category: "description", text: "A flaw was found in Jetty, a Java based web server and servlet engine. If an HTTP/2 connection gets TCP congested, it remains open and idle, and connections may be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients.", title: "Vulnerability description", }, { category: "summary", text: "jetty: stop accepting new connections from valid clients", title: "Vulnerability summary", }, { category: "other", text: "The issue in Jetty where HTTP/2 connections can enter a congested, idle state and potentially exhaust server file descriptors represents a moderate severity due to its impact on system resources and service availability. While the vulnerability requires the deliberate creation of numerous congested connections by an attacker, its exploitation can lead to denial-of-service conditions by consuming all available file descriptors. This scenario could disrupt legitimate client connections and impair server responsiveness.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-22201", }, { category: "external", summary: "RHBZ#2266136", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2266136", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-22201", url: "https://www.cve.org/CVERecord?id=CVE-2024-22201", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-22201", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-22201", }, { category: "external", summary: "https://github.com/jetty/jetty.project/issues/11256", url: "https://github.com/jetty/jetty.project/issues/11256", }, { category: "external", summary: "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98", url: "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98", }, ], release_date: "2024-02-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:47:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3634", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jetty: stop accepting new connections from valid clients", }, { cve: "CVE-2024-23899", cwe: { id: "CWE-88", name: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", }, discovery_date: "2024-01-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2260183", }, ], notes: [ { category: "description", text: "A flaw was found in the Git Server Plugin for Jenkins. This issue could allow an attacker to read the first two lines of arbitrary files on the server's file system.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-2-plugins: git-server plugin arbitrary file read vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-23899", }, { category: "external", summary: "RHBZ#2260183", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2260183", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-23899", url: "https://www.cve.org/CVERecord?id=CVE-2024-23899", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-23899", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-23899", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/01/24/6", url: "http://www.openwall.com/lists/oss-security/2024/01/24/6", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319", url: "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319", }, ], release_date: "2024-01-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:47:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3634", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jenkins-2-plugins: git-server plugin arbitrary file read vulnerability", }, { cve: "CVE-2024-23900", cwe: { id: "CWE-23", name: "Relative Path Traversal", }, discovery_date: "2024-01-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2260184", }, ], notes: [ { category: "description", text: "A flaw was found in The Matrix Project Plugin for Jenkins, which does not sanitize user-defined axis names of multi-configuration projects submitted through the config.xml REST API endpoint. This issue may allow attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system with content not controllable by the attackers.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-2-plugins: matrix-project plugin path traversal vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-23900", }, { category: "external", summary: "RHBZ#2260184", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2260184", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-23900", url: "https://www.cve.org/CVERecord?id=CVE-2024-23900", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-23900", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-23900", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/01/24/6", url: "http://www.openwall.com/lists/oss-security/2024/01/24/6", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3289", url: "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3289", }, ], release_date: "2024-01-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:47:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3634", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", version: "3.1", }, products: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jenkins-2-plugins: matrix-project plugin path traversal vulnerability", }, { cve: "CVE-2024-24786", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, discovery_date: "2024-03-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2268046", }, ], notes: [ { category: "description", text: "A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. This flaw allows an attacker to craft malicious input tailored to trigger the identified flaw in the unmarshal function. By providing carefully constructed invalid inputs, they could potentially cause the function to enter an infinite loop, resulting in a denial of service condition or other unintended behaviors in the affected system.", title: "Vulnerability description", }, { category: "summary", text: "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-24786", }, { category: "external", summary: "RHBZ#2268046", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268046", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-24786", url: "https://www.cve.org/CVERecord?id=CVE-2024-24786", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-24786", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-24786", }, { category: "external", summary: "https://go.dev/cl/569356", url: "https://go.dev/cl/569356", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/", url: "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/", }, { category: "external", summary: "https://pkg.go.dev/vuln/GO-2024-2611", url: "https://pkg.go.dev/vuln/GO-2024-2611", }, ], release_date: "2024-03-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:47:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3634", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON", }, { cve: "CVE-2024-28149", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2024-03-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2268227", }, ], notes: [ { category: "description", text: "A flaw was found in jenkins-2-plugins. In the HTML Publisher Plugin 1.16 through 1.32, fallback for reports created in HTML Publisher Plugin 1.15 and earlier does not properly sanitize input. This can allow attackers with Item/Configure permissions to implement stored cross-site scripting (XSS) attacks and determine whether a path on the Jenkins controller file system exists, without being able to access it.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin", title: "Vulnerability summary", }, { category: "other", text: "HTML Publisher Plugin 1.32.1 removes support for reports created before HTML Publisher Plugin 1.15. Those reports are retained on the disk, but may no longer be accessible through the Jenkins UI.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-28149", }, { category: "external", summary: "RHBZ#2268227", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268227", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-28149", url: "https://www.cve.org/CVERecord?id=CVE-2024-28149", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-28149", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-28149", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3301", url: "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3301", }, ], release_date: "2024-03-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:47:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3634", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin", }, { cve: "CVE-2024-34144", cwe: { id: "CWE-693", name: "Protection Mechanism Failure", }, discovery_date: "2024-05-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2278820", }, ], notes: [ { category: "description", text: "A sandbox bypass vulnerability was found in the Jenkins Script Security Plugin involving crafted constructor bodies, enabling the circumvention of security restrictions. With crafted constructor bodies, this flaw allows authenticated attackers to define and execute sandboxed scripts, including Pipelines, bypassing sandbox protection mechanisms and executing arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe Script Security Plugin features a sandbox functionality designed to enable users with limited privileges to create scripts, including Pipelines, which are generally safe for execution. This security mechanism intercepts calls within sandboxed scripts, referencing various allowlists to decide whether these calls should be permitted.\r\n\r\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include:\r\n\r\n- Exploiting crafted constructor bodies that trigger other constructors, thereby allowing the construction of any subclassable type through implicit casts.\r\n- Utilizing Groovy classes defined within the sandbox that overshadow certain non-sandboxed classes, facilitating the creation of any subclassable type.\r\n\r\nThese vulnerabilities enable attackers, who have the permission to create and execute sandboxed scripts including Pipelines, to circumvent sandbox protections and execute arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe fixed version of this script incorporates enhanced restrictions and sanity checks. These improvements ensure that calls to super constructors are intercepted by the sandbox, including:\r\n\r\n- Ensuring that calls to other constructors via 'this' are now appropriately managed within the sandbox.\r\n- No longer overlooking classes in packages that may be overshadowed by Groovy-defined classes when intercepting super constructor calls.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-plugin/script-security: sandbox bypass via crafted constructor bodies", title: "Vulnerability summary", }, { category: "other", text: "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a process being able to access resources outside an assigned sandbox.\n\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include exploiting specially crafted constructor bodies, utilizing certain groovy classes.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-34144", }, { category: "external", summary: "RHBZ#2278820", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2278820", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-34144", url: "https://www.cve.org/CVERecord?id=CVE-2024-34144", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-34144", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-34144", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/05/02/3", url: "http://www.openwall.com/lists/oss-security/2024/05/02/3", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", url: "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", }, ], release_date: "2024-05-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:47:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3634", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jenkins-plugin/script-security: sandbox bypass via crafted constructor bodies", }, { cve: "CVE-2024-34145", cwe: { id: "CWE-693", name: "Protection Mechanism Failure", }, discovery_date: "2024-05-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2278821", }, ], notes: [ { category: "description", text: "A sandbox bypass vulnerability was found in the Jenkins Script Security Plugin within the sandbox-defined classes, enabling the circumvention of security restrictions. This flaw allows authenticated attackers to define and execute sandboxed scripts, including Pipelines, bypassing sandbox protection mechanisms and executing arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe Script Security Plugin features a sandbox functionality designed to enable users with limited privileges to create scripts, including Pipelines, which are generally safe for execution. This security mechanism intercepts calls within sandboxed scripts, referencing various allowlists to decide whether these calls should be permitted.\r\n\r\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include:\r\n\r\n- Exploiting crafted constructor bodies that trigger other constructors, thereby allowing the construction of any subclassable type through implicit casts.\r\n- Utilizing Groovy classes defined within the sandbox that overshadow certain non-sandboxed classes, facilitating the creation of any subclassable type.\r\n\r\nThese vulnerabilities enable attackers, who have the permission to create and execute sandboxed scripts including Pipelines, to circumvent sandbox protections and execute arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe fixed version of this script incorporates enhanced restrictions and sanity checks. These improvements ensure that calls to super constructors are intercepted by the sandbox, including:\r\n\r\n- Ensuring that calls to other constructors via 'this' are now appropriately managed within the sandbox.\r\n- No longer overlooking classes in packages that may be overshadowed by Groovy-defined classes when intercepting super constructor calls.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-plugin/script-security: sandbox bypass via sandbox-defined classes", title: "Vulnerability summary", }, { category: "other", text: "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a process being able to access resources outside an assigned sandbox.\n\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include exploiting specially crafted constructor bodies, utilizing certain groovy classes.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-34145", }, { category: "external", summary: "RHBZ#2278821", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2278821", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-34145", url: "https://www.cve.org/CVERecord?id=CVE-2024-34145", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-34145", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-34145", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/05/02/3", url: "http://www.openwall.com/lists/oss-security/2024/05/02/3", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", url: "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", }, ], release_date: "2024-05-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:47:02+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3634", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jenkins-plugin/script-security: sandbox bypass via sandbox-defined classes", }, ], }
rhsa-2024_3635
Vulnerability from csaf_redhat
Published
2024-06-05 14:47
Modified
2025-01-06 19:42
Summary
Red Hat Security Advisory: Red Hat Product OCP Tools 4.12 Openshift Jenkins security update
Notes
Topic
An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.12. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Jenkins is a continuous integration server that monitors the execution of recurring jobs, such as software builds or cron jobs.
Security fixes:
* jenkins-2-plugins: Git-server plugin has an arbitrary file read vulnerability (CVE-2024-23899)
* jenkins-plugin/script-security: Sandbox bypass occurs via crafted constructor bodies (CVE-2024-34144)
* jenkins-plugin/script-security: Sandbox bypass occurs via sandbox-defined classes (CVE-2024-34145)
* jenkins-2-plugins: HTML Publisher plugin has improper input sanitization (CVE-2024-28149)
* Jetty: Stops accepting new connections from valid clients (CVE-2024-22201)
* SSH: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)
* golang-protobuf: Unmarshaling certain forms of invalid JSON in the protojson.Unmarshal function causes an infinite loop in the encoding/protojson and internal/encoding/json packages of Golang-protobuf (CVE-2024-24786)
* jenkins-2-plugins: Matrix-project plugin has a path traversal vulnerability (CVE-2024-23900)
For more details about these security issues, including their impact, CVSS scores, acknowledgments, and other related information, refer to the CVE page listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.12. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Jenkins is a continuous integration server that monitors the execution of recurring jobs, such as software builds or cron jobs.\n\nSecurity fixes:\n\n* jenkins-2-plugins: Git-server plugin has an arbitrary file read vulnerability (CVE-2024-23899)\n\n* jenkins-plugin/script-security: Sandbox bypass occurs via crafted constructor bodies (CVE-2024-34144)\n\n* jenkins-plugin/script-security: Sandbox bypass occurs via sandbox-defined classes (CVE-2024-34145)\n\n* jenkins-2-plugins: HTML Publisher plugin has improper input sanitization (CVE-2024-28149)\n\n* Jetty: Stops accepting new connections from valid clients (CVE-2024-22201)\n\n* SSH: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)\n\n* golang-protobuf: Unmarshaling certain forms of invalid JSON in the protojson.Unmarshal function causes an infinite loop in the encoding/protojson and internal/encoding/json packages of Golang-protobuf (CVE-2024-24786)\n\n* jenkins-2-plugins: Matrix-project plugin has a path traversal vulnerability (CVE-2024-23900)\n\nFor more details about these security issues, including their impact, CVSS scores, acknowledgments, and other related information, refer to the CVE page listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:3635", url: "https://access.redhat.com/errata/RHSA-2024:3635", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2254210", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", }, { category: "external", summary: "2260183", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2260183", }, { category: "external", summary: "2260184", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2260184", }, { category: "external", summary: "2266136", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2266136", }, { category: "external", summary: "2268046", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268046", }, { category: "external", summary: "2268227", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268227", }, { category: "external", summary: "2278820", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2278820", }, { category: "external", summary: "2278821", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2278821", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3635.json", }, ], title: "Red Hat Security Advisory: Red Hat Product OCP Tools 4.12 Openshift Jenkins security update", tracking: { current_release_date: "2025-01-06T19:42:16+00:00", generator: { date: "2025-01-06T19:42:16+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.5", }, }, id: "RHSA-2024:3635", initial_release_date: "2024-06-05T14:47:22+00:00", revision_history: [ { date: "2024-06-05T14:47:22+00:00", number: "1", summary: "Initial version", }, { date: "2024-06-05T14:47:22+00:00", number: "2", summary: "Last updated version", }, { date: "2025-01-06T19:42:16+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "OpenShift Developer Tools and Services for OCP 4.12", product: { name: "OpenShift Developer Tools and Services for OCP 4.12", product_id: "8Base-OCP-Tools-4.12", product_identification_helper: { cpe: "cpe:/a:redhat:ocp_tools:4.12::el8", }, }, }, ], category: "product_family", name: "OpenShift Jenkins", }, { branches: [ { category: "product_version", name: "jenkins-0:2.440.3.1716445200-3.el8.src", product: { name: "jenkins-0:2.440.3.1716445200-3.el8.src", product_id: "jenkins-0:2.440.3.1716445200-3.el8.src", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins@2.440.3.1716445200-3.el8?arch=src", }, }, }, { category: "product_version", name: "jenkins-2-plugins-0:4.12.1716445211-1.el8.src", product: { name: "jenkins-2-plugins-0:4.12.1716445211-1.el8.src", product_id: "jenkins-2-plugins-0:4.12.1716445211-1.el8.src", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins-2-plugins@4.12.1716445211-1.el8?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "jenkins-0:2.440.3.1716445200-3.el8.noarch", product: { name: "jenkins-0:2.440.3.1716445200-3.el8.noarch", product_id: "jenkins-0:2.440.3.1716445200-3.el8.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins@2.440.3.1716445200-3.el8?arch=noarch", }, }, }, { category: "product_version", name: "jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", product: { name: "jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", product_id: "jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jenkins-2-plugins@4.12.1716445211-1.el8?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "jenkins-0:2.440.3.1716445200-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.12", product_id: "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", }, product_reference: "jenkins-0:2.440.3.1716445200-3.el8.noarch", relates_to_product_reference: "8Base-OCP-Tools-4.12", }, { category: "default_component_of", full_product_name: { name: "jenkins-0:2.440.3.1716445200-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.12", product_id: "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", }, product_reference: "jenkins-0:2.440.3.1716445200-3.el8.src", relates_to_product_reference: "8Base-OCP-Tools-4.12", }, { category: "default_component_of", full_product_name: { name: "jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.12", product_id: "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", }, product_reference: "jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", relates_to_product_reference: "8Base-OCP-Tools-4.12", }, { category: "default_component_of", full_product_name: { name: "jenkins-2-plugins-0:4.12.1716445211-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.12", product_id: "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", }, product_reference: "jenkins-2-plugins-0:4.12.1716445211-1.el8.src", relates_to_product_reference: "8Base-OCP-Tools-4.12", }, ], }, vulnerabilities: [ { cve: "CVE-2023-48795", cwe: { id: "CWE-222", name: "Truncation of Security-relevant Information", }, discovery_date: "2023-12-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2254210", }, ], notes: [ { category: "description", text: "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", title: "Vulnerability description", }, { category: "summary", text: "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)", title: "Vulnerability summary", }, { category: "other", text: "This CVE is classified as moderate because the attack requires an active Man-in-the-Middle (MITM) who can intercept and modify the connection's traffic at the TCP/IP layer.\n\nAlthough the attack is cryptographically innovative, its security impact is fortunately quite limited. It only allows the deletion of consecutive messages, and deleting most messages at this protocol stage prevents user authentication from proceeding, leading to a stalled connection.\n\nThe most significant identified impact is that it enables a MITM to delete the SSH2_MSG_EXT_INFO message sent before authentication begins. This allows the attacker to disable a subset of keystroke timing obfuscation features. However, there is no other observable impact on session secrecy or session integrity.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-48795", }, { category: "external", summary: "RHBZ#2254210", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-48795", url: "https://www.cve.org/CVERecord?id=CVE-2023-48795", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", }, { category: "external", summary: "https://access.redhat.com/solutions/7071748", url: "https://access.redhat.com/solutions/7071748", }, { category: "external", summary: "https://terrapin-attack.com/", url: "https://terrapin-attack.com/", }, ], release_date: "2023-12-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:47:22+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3635", }, { category: "workaround", details: "Update to the last version and check that client and server provide kex pseudo-algorithms indicating usage of the updated version of the protocol which is protected from the attack. If \"kex-strict-c-v00@openssh.com\" is provided by clients and \"kex-strict-s-v00@openssh.com\" is in the server's reply, no other steps are necessary.\n\nDisabling ciphers if necessary:\n\nIf \"kex-strict-c-v00@openssh.com\" is not provided by clients or \"kex-strict-s-v00@openssh.com\" is absent in the server's reply, you can disable the following ciphers and HMACs as a workaround on RHEL-8 and RHEL-9:\n\n1. chacha20-poly1305@openssh.com\n2. hmac-sha2-512-etm@openssh.com\n3. hmac-sha2-256-etm@openssh.com\n4. hmac-sha1-etm@openssh.com\n5. hmac-md5-etm@openssh.com\n\nTo do that through crypto-policies, one can apply a subpolicy with the following content:\n```\ncipher@SSH = -CHACHA20-POLY1305\nssh_etm = 0\n```\ne.g., by putting these lines into `/etc/crypto-policies/policies/modules/CVE-2023-48795.pmod`, applying the resulting subpolicy with `update-crypto-policies --set $(update-crypto-policies --show):CVE-2023-48795` and restarting openssh server.\n\nOne can verify that the changes are in effect by ensuring the ciphers listed above are missing from both `/etc/crypto-policies/back-ends/openssh.config` and `/etc/crypto-policies/back-ends/opensshserver.config`.\n\nFor more details on using crypto-policies, please refer to https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening\n\nNote that this procedure does limit the interoperability of the host and is only suggested as a temporary mitigation until the issue is fully resolved with an update.\n\nFor RHEL-7: \nWe can recommend to use strict MACs and Ciphers on RHEL7 in both files /etc/ssh/ssh_config and /etc/ssh/sshd_config.\n\nBelow strict set of Ciphers and MACs can be used as mitigation for RHEL 7.\n\n```\nCiphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\nMACs umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512\n```\n\n- For Openshift Container Platform 4:\nPlease refer the KCS[1] document for verifying the fix in RHCOS.\n\n[1] https://access.redhat.com/solutions/7071748", product_ids: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)", }, { cve: "CVE-2024-22201", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-02-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2266136", }, ], notes: [ { category: "description", text: "A flaw was found in Jetty, a Java based web server and servlet engine. If an HTTP/2 connection gets TCP congested, it remains open and idle, and connections may be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients.", title: "Vulnerability description", }, { category: "summary", text: "jetty: stop accepting new connections from valid clients", title: "Vulnerability summary", }, { category: "other", text: "The issue in Jetty where HTTP/2 connections can enter a congested, idle state and potentially exhaust server file descriptors represents a moderate severity due to its impact on system resources and service availability. While the vulnerability requires the deliberate creation of numerous congested connections by an attacker, its exploitation can lead to denial-of-service conditions by consuming all available file descriptors. This scenario could disrupt legitimate client connections and impair server responsiveness.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-22201", }, { category: "external", summary: "RHBZ#2266136", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2266136", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-22201", url: "https://www.cve.org/CVERecord?id=CVE-2024-22201", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-22201", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-22201", }, { category: "external", summary: "https://github.com/jetty/jetty.project/issues/11256", url: "https://github.com/jetty/jetty.project/issues/11256", }, { category: "external", summary: "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98", url: "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98", }, ], release_date: "2024-02-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:47:22+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3635", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jetty: stop accepting new connections from valid clients", }, { cve: "CVE-2024-23899", cwe: { id: "CWE-88", name: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", }, discovery_date: "2024-01-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2260183", }, ], notes: [ { category: "description", text: "A flaw was found in the Git Server Plugin for Jenkins. This issue could allow an attacker to read the first two lines of arbitrary files on the server's file system.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-2-plugins: git-server plugin arbitrary file read vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-23899", }, { category: "external", summary: "RHBZ#2260183", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2260183", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-23899", url: "https://www.cve.org/CVERecord?id=CVE-2024-23899", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-23899", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-23899", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/01/24/6", url: "http://www.openwall.com/lists/oss-security/2024/01/24/6", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319", url: "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319", }, ], release_date: "2024-01-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:47:22+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3635", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jenkins-2-plugins: git-server plugin arbitrary file read vulnerability", }, { cve: "CVE-2024-23900", cwe: { id: "CWE-23", name: "Relative Path Traversal", }, discovery_date: "2024-01-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2260184", }, ], notes: [ { category: "description", text: "A flaw was found in The Matrix Project Plugin for Jenkins, which does not sanitize user-defined axis names of multi-configuration projects submitted through the config.xml REST API endpoint. This issue may allow attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system with content not controllable by the attackers.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-2-plugins: matrix-project plugin path traversal vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-23900", }, { category: "external", summary: "RHBZ#2260184", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2260184", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-23900", url: "https://www.cve.org/CVERecord?id=CVE-2024-23900", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-23900", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-23900", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/01/24/6", url: "http://www.openwall.com/lists/oss-security/2024/01/24/6", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3289", url: "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3289", }, ], release_date: "2024-01-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:47:22+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3635", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", version: "3.1", }, products: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jenkins-2-plugins: matrix-project plugin path traversal vulnerability", }, { cve: "CVE-2024-24786", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, discovery_date: "2024-03-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2268046", }, ], notes: [ { category: "description", text: "A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. This flaw allows an attacker to craft malicious input tailored to trigger the identified flaw in the unmarshal function. By providing carefully constructed invalid inputs, they could potentially cause the function to enter an infinite loop, resulting in a denial of service condition or other unintended behaviors in the affected system.", title: "Vulnerability description", }, { category: "summary", text: "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-24786", }, { category: "external", summary: "RHBZ#2268046", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268046", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-24786", url: "https://www.cve.org/CVERecord?id=CVE-2024-24786", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-24786", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-24786", }, { category: "external", summary: "https://go.dev/cl/569356", url: "https://go.dev/cl/569356", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/", url: "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/", }, { category: "external", summary: "https://pkg.go.dev/vuln/GO-2024-2611", url: "https://pkg.go.dev/vuln/GO-2024-2611", }, ], release_date: "2024-03-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:47:22+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3635", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON", }, { cve: "CVE-2024-28149", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2024-03-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2268227", }, ], notes: [ { category: "description", text: "A flaw was found in jenkins-2-plugins. In the HTML Publisher Plugin 1.16 through 1.32, fallback for reports created in HTML Publisher Plugin 1.15 and earlier does not properly sanitize input. This can allow attackers with Item/Configure permissions to implement stored cross-site scripting (XSS) attacks and determine whether a path on the Jenkins controller file system exists, without being able to access it.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin", title: "Vulnerability summary", }, { category: "other", text: "HTML Publisher Plugin 1.32.1 removes support for reports created before HTML Publisher Plugin 1.15. Those reports are retained on the disk, but may no longer be accessible through the Jenkins UI.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-28149", }, { category: "external", summary: "RHBZ#2268227", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268227", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-28149", url: "https://www.cve.org/CVERecord?id=CVE-2024-28149", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-28149", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-28149", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3301", url: "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3301", }, ], release_date: "2024-03-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:47:22+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3635", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin", }, { cve: "CVE-2024-34144", cwe: { id: "CWE-693", name: "Protection Mechanism Failure", }, discovery_date: "2024-05-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2278820", }, ], notes: [ { category: "description", text: "A sandbox bypass vulnerability was found in the Jenkins Script Security Plugin involving crafted constructor bodies, enabling the circumvention of security restrictions. With crafted constructor bodies, this flaw allows authenticated attackers to define and execute sandboxed scripts, including Pipelines, bypassing sandbox protection mechanisms and executing arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe Script Security Plugin features a sandbox functionality designed to enable users with limited privileges to create scripts, including Pipelines, which are generally safe for execution. This security mechanism intercepts calls within sandboxed scripts, referencing various allowlists to decide whether these calls should be permitted.\r\n\r\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include:\r\n\r\n- Exploiting crafted constructor bodies that trigger other constructors, thereby allowing the construction of any subclassable type through implicit casts.\r\n- Utilizing Groovy classes defined within the sandbox that overshadow certain non-sandboxed classes, facilitating the creation of any subclassable type.\r\n\r\nThese vulnerabilities enable attackers, who have the permission to create and execute sandboxed scripts including Pipelines, to circumvent sandbox protections and execute arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe fixed version of this script incorporates enhanced restrictions and sanity checks. These improvements ensure that calls to super constructors are intercepted by the sandbox, including:\r\n\r\n- Ensuring that calls to other constructors via 'this' are now appropriately managed within the sandbox.\r\n- No longer overlooking classes in packages that may be overshadowed by Groovy-defined classes when intercepting super constructor calls.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-plugin/script-security: sandbox bypass via crafted constructor bodies", title: "Vulnerability summary", }, { category: "other", text: "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a process being able to access resources outside an assigned sandbox.\n\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include exploiting specially crafted constructor bodies, utilizing certain groovy classes.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-34144", }, { category: "external", summary: "RHBZ#2278820", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2278820", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-34144", url: "https://www.cve.org/CVERecord?id=CVE-2024-34144", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-34144", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-34144", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/05/02/3", url: "http://www.openwall.com/lists/oss-security/2024/05/02/3", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", url: "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", }, ], release_date: "2024-05-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:47:22+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3635", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jenkins-plugin/script-security: sandbox bypass via crafted constructor bodies", }, { cve: "CVE-2024-34145", cwe: { id: "CWE-693", name: "Protection Mechanism Failure", }, discovery_date: "2024-05-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2278821", }, ], notes: [ { category: "description", text: "A sandbox bypass vulnerability was found in the Jenkins Script Security Plugin within the sandbox-defined classes, enabling the circumvention of security restrictions. This flaw allows authenticated attackers to define and execute sandboxed scripts, including Pipelines, bypassing sandbox protection mechanisms and executing arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe Script Security Plugin features a sandbox functionality designed to enable users with limited privileges to create scripts, including Pipelines, which are generally safe for execution. This security mechanism intercepts calls within sandboxed scripts, referencing various allowlists to decide whether these calls should be permitted.\r\n\r\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include:\r\n\r\n- Exploiting crafted constructor bodies that trigger other constructors, thereby allowing the construction of any subclassable type through implicit casts.\r\n- Utilizing Groovy classes defined within the sandbox that overshadow certain non-sandboxed classes, facilitating the creation of any subclassable type.\r\n\r\nThese vulnerabilities enable attackers, who have the permission to create and execute sandboxed scripts including Pipelines, to circumvent sandbox protections and execute arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe fixed version of this script incorporates enhanced restrictions and sanity checks. These improvements ensure that calls to super constructors are intercepted by the sandbox, including:\r\n\r\n- Ensuring that calls to other constructors via 'this' are now appropriately managed within the sandbox.\r\n- No longer overlooking classes in packages that may be overshadowed by Groovy-defined classes when intercepting super constructor calls.", title: "Vulnerability description", }, { category: "summary", text: "jenkins-plugin/script-security: sandbox bypass via sandbox-defined classes", title: "Vulnerability summary", }, { category: "other", text: "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a process being able to access resources outside an assigned sandbox.\n\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include exploiting specially crafted constructor bodies, utilizing certain groovy classes.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-34145", }, { category: "external", summary: "RHBZ#2278821", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2278821", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-34145", url: "https://www.cve.org/CVERecord?id=CVE-2024-34145", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-34145", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-34145", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/05/02/3", url: "http://www.openwall.com/lists/oss-security/2024/05/02/3", }, { category: "external", summary: "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", url: "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", }, ], release_date: "2024-05-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T14:47:22+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3635", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jenkins-plugin/script-security: sandbox bypass via sandbox-defined classes", }, ], }
wid-sec-w-2024-0199
Vulnerability from csaf_certbund
Published
2024-01-24 23:00
Modified
2024-08-20 22:00
Summary
Jenkins: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Jenkins ist ein erweiterbarer, webbasierter Integration Server zur kontinuierlichen Unterstützung bei Softwareentwicklungen aller Art.
Angriff
Ein entfernter Angreifer kann mehrere Schwachstellen in Jenkins ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Cross-Site Scripting (XSS)-Angriffe durchzuführen.
Betroffene Betriebssysteme
- Sonstiges
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Jenkins ist ein erweiterbarer, webbasierter Integration Server zur kontinuierlichen Unterstützung bei Softwareentwicklungen aller Art.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter Angreifer kann mehrere Schwachstellen in Jenkins ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Cross-Site Scripting (XSS)-Angriffe durchzuführen.", title: "Angriff", }, { category: "general", text: "- Sonstiges", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-0199 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0199.json", }, { category: "self", summary: "WID-SEC-2024-0199 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0199", }, { category: "external", summary: "Jenkins Security Advisory vom 2024-01-24", url: "https://www.jenkins.io/security/advisory/2024-01-24/", }, { category: "external", summary: "PoC CVE-2024-23897 vom 2024-01-25", url: "https://github.com/binganao/CVE-2024-23897/tree/main", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:0775 vom 2024-02-12", url: "https://access.redhat.com/errata/RHSA-2024:0775", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:0778 vom 2024-02-12", url: "https://access.redhat.com/errata/RHSA-2024:0778", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:0776 vom 2024-02-12", url: "https://access.redhat.com/errata/RHSA-2024:0776", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3636 vom 2024-06-05", url: "https://access.redhat.com/errata/RHSA-2024:3636", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3634 vom 2024-06-05", url: "https://access.redhat.com/errata/RHSA-2024:3634", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3635 vom 2024-06-05", url: "https://access.redhat.com/errata/RHSA-2024:3635", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4597 vom 2024-07-19", url: "https://access.redhat.com/errata/RHSA-2024:4597", }, { category: "external", summary: "Fortiguard Outbreak Alert vom 2024-08-20", url: "https://fortiguard.fortinet.com/outbreak-alert/jenkins-rce", }, ], source_lang: "en-US", title: "Jenkins: Mehrere Schwachstellen", tracking: { current_release_date: "2024-08-20T22:00:00.000+00:00", generator: { date: "2024-08-21T10:40:48.261+00:00", engine: { name: "BSI-WID", version: "1.3.6", }, }, id: "WID-SEC-W-2024-0199", initial_release_date: "2024-01-24T23:00:00.000+00:00", revision_history: [ { date: "2024-01-24T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2024-01-25T23:00:00.000+00:00", number: "2", summary: "PoC für CVE-2024-23897 aufgenommen", }, { date: "2024-02-11T23:00:00.000+00:00", number: "3", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-06-05T22:00:00.000+00:00", number: "4", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-07-21T22:00:00.000+00:00", number: "5", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-08-20T22:00:00.000+00:00", number: "6", summary: "CVE-2024-23897 wird ausgenutzt", }, ], status: "final", version: "6", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "<2.442", product: { name: "Jenkins Jenkins <2.442", product_id: "T032328", }, }, { category: "product_version", name: "2.442", product: { name: "Jenkins Jenkins 2.442", product_id: "T032328-fixed", product_identification_helper: { cpe: "cpe:/a:cloudbees:jenkins:2.442", }, }, }, { category: "product_version_range", name: "<LTS 2.426.3", product: { name: "Jenkins Jenkins <LTS 2.426.3", product_id: "T032329", }, }, { category: "product_version", name: "LTS 2.426.3", product: { name: "Jenkins Jenkins LTS 2.426.3", product_id: "T032329-fixed", product_identification_helper: { cpe: "cpe:/a:cloudbees:jenkins:lts_2.426.3", }, }, }, ], category: "product_name", name: "Jenkins", }, ], category: "vendor", name: "Jenkins", }, { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2023-6147", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Jenkins. Diese Fehler bestehen in mehreren Komponenten wie der args4j-Bibliothek, dem WebSocket und mehreren Plugins. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Cross-Site Scripting (XSS)-Angriffe durchzuführen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T032328", "67646", "T032329", ], }, release_date: "2024-01-24T23:00:00.000+00:00", title: "CVE-2023-6147", }, { cve: "CVE-2023-6148", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Jenkins. Diese Fehler bestehen in mehreren Komponenten wie der args4j-Bibliothek, dem WebSocket und mehreren Plugins. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Cross-Site Scripting (XSS)-Angriffe durchzuführen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T032328", "67646", "T032329", ], }, release_date: "2024-01-24T23:00:00.000+00:00", title: "CVE-2023-6148", }, { cve: "CVE-2024-23897", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Jenkins. Diese Fehler bestehen in mehreren Komponenten wie der args4j-Bibliothek, dem WebSocket und mehreren Plugins. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Cross-Site Scripting (XSS)-Angriffe durchzuführen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T032328", "67646", "T032329", ], }, release_date: "2024-01-24T23:00:00.000+00:00", title: "CVE-2024-23897", }, { cve: "CVE-2024-23898", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Jenkins. Diese Fehler bestehen in mehreren Komponenten wie der args4j-Bibliothek, dem WebSocket und mehreren Plugins. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Cross-Site Scripting (XSS)-Angriffe durchzuführen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T032328", "67646", "T032329", ], }, release_date: "2024-01-24T23:00:00.000+00:00", title: "CVE-2024-23898", }, { cve: "CVE-2024-23899", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Jenkins. Diese Fehler bestehen in mehreren Komponenten wie der args4j-Bibliothek, dem WebSocket und mehreren Plugins. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Cross-Site Scripting (XSS)-Angriffe durchzuführen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T032328", "67646", "T032329", ], }, release_date: "2024-01-24T23:00:00.000+00:00", title: "CVE-2024-23899", }, { cve: "CVE-2024-23900", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Jenkins. Diese Fehler bestehen in mehreren Komponenten wie der args4j-Bibliothek, dem WebSocket und mehreren Plugins. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Cross-Site Scripting (XSS)-Angriffe durchzuführen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T032328", "67646", "T032329", ], }, release_date: "2024-01-24T23:00:00.000+00:00", title: "CVE-2024-23900", }, { cve: "CVE-2024-23901", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Jenkins. Diese Fehler bestehen in mehreren Komponenten wie der args4j-Bibliothek, dem WebSocket und mehreren Plugins. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Cross-Site Scripting (XSS)-Angriffe durchzuführen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T032328", "67646", "T032329", ], }, release_date: "2024-01-24T23:00:00.000+00:00", title: "CVE-2024-23901", }, { cve: "CVE-2024-23902", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Jenkins. Diese Fehler bestehen in mehreren Komponenten wie der args4j-Bibliothek, dem WebSocket und mehreren Plugins. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Cross-Site Scripting (XSS)-Angriffe durchzuführen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T032328", "67646", "T032329", ], }, release_date: "2024-01-24T23:00:00.000+00:00", title: "CVE-2024-23902", }, { cve: "CVE-2024-23903", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Jenkins. Diese Fehler bestehen in mehreren Komponenten wie der args4j-Bibliothek, dem WebSocket und mehreren Plugins. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Cross-Site Scripting (XSS)-Angriffe durchzuführen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T032328", "67646", "T032329", ], }, release_date: "2024-01-24T23:00:00.000+00:00", title: "CVE-2024-23903", }, { cve: "CVE-2024-23904", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Jenkins. Diese Fehler bestehen in mehreren Komponenten wie der args4j-Bibliothek, dem WebSocket und mehreren Plugins. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Cross-Site Scripting (XSS)-Angriffe durchzuführen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T032328", "67646", "T032329", ], }, release_date: "2024-01-24T23:00:00.000+00:00", title: "CVE-2024-23904", }, { cve: "CVE-2024-23905", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Jenkins. Diese Fehler bestehen in mehreren Komponenten wie der args4j-Bibliothek, dem WebSocket und mehreren Plugins. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Cross-Site Scripting (XSS)-Angriffe durchzuführen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T032328", "67646", "T032329", ], }, release_date: "2024-01-24T23:00:00.000+00:00", title: "CVE-2024-23905", }, ], }
WID-SEC-W-2024-0199
Vulnerability from csaf_certbund
Published
2024-01-24 23:00
Modified
2024-08-20 22:00
Summary
Jenkins: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Jenkins ist ein erweiterbarer, webbasierter Integration Server zur kontinuierlichen Unterstützung bei Softwareentwicklungen aller Art.
Angriff
Ein entfernter Angreifer kann mehrere Schwachstellen in Jenkins ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Cross-Site Scripting (XSS)-Angriffe durchzuführen.
Betroffene Betriebssysteme
- Sonstiges
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Jenkins ist ein erweiterbarer, webbasierter Integration Server zur kontinuierlichen Unterstützung bei Softwareentwicklungen aller Art.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter Angreifer kann mehrere Schwachstellen in Jenkins ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Cross-Site Scripting (XSS)-Angriffe durchzuführen.", title: "Angriff", }, { category: "general", text: "- Sonstiges", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-0199 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0199.json", }, { category: "self", summary: "WID-SEC-2024-0199 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0199", }, { category: "external", summary: "Jenkins Security Advisory vom 2024-01-24", url: "https://www.jenkins.io/security/advisory/2024-01-24/", }, { category: "external", summary: "PoC CVE-2024-23897 vom 2024-01-25", url: "https://github.com/binganao/CVE-2024-23897/tree/main", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:0775 vom 2024-02-12", url: "https://access.redhat.com/errata/RHSA-2024:0775", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:0778 vom 2024-02-12", url: "https://access.redhat.com/errata/RHSA-2024:0778", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:0776 vom 2024-02-12", url: "https://access.redhat.com/errata/RHSA-2024:0776", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3636 vom 2024-06-05", url: "https://access.redhat.com/errata/RHSA-2024:3636", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3634 vom 2024-06-05", url: "https://access.redhat.com/errata/RHSA-2024:3634", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3635 vom 2024-06-05", url: "https://access.redhat.com/errata/RHSA-2024:3635", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4597 vom 2024-07-19", url: "https://access.redhat.com/errata/RHSA-2024:4597", }, { category: "external", summary: "Fortiguard Outbreak Alert vom 2024-08-20", url: "https://fortiguard.fortinet.com/outbreak-alert/jenkins-rce", }, ], source_lang: "en-US", title: "Jenkins: Mehrere Schwachstellen", tracking: { current_release_date: "2024-08-20T22:00:00.000+00:00", generator: { date: "2024-08-21T10:40:48.261+00:00", engine: { name: "BSI-WID", version: "1.3.6", }, }, id: "WID-SEC-W-2024-0199", initial_release_date: "2024-01-24T23:00:00.000+00:00", revision_history: [ { date: "2024-01-24T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2024-01-25T23:00:00.000+00:00", number: "2", summary: "PoC für CVE-2024-23897 aufgenommen", }, { date: "2024-02-11T23:00:00.000+00:00", number: "3", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-06-05T22:00:00.000+00:00", number: "4", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-07-21T22:00:00.000+00:00", number: "5", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-08-20T22:00:00.000+00:00", number: "6", summary: "CVE-2024-23897 wird ausgenutzt", }, ], status: "final", version: "6", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "<2.442", product: { name: "Jenkins Jenkins <2.442", product_id: "T032328", }, }, { category: "product_version", name: "2.442", product: { name: "Jenkins Jenkins 2.442", product_id: "T032328-fixed", product_identification_helper: { cpe: "cpe:/a:cloudbees:jenkins:2.442", }, }, }, { category: "product_version_range", name: "<LTS 2.426.3", product: { name: "Jenkins Jenkins <LTS 2.426.3", product_id: "T032329", }, }, { category: "product_version", name: "LTS 2.426.3", product: { name: "Jenkins Jenkins LTS 2.426.3", product_id: "T032329-fixed", product_identification_helper: { cpe: "cpe:/a:cloudbees:jenkins:lts_2.426.3", }, }, }, ], category: "product_name", name: "Jenkins", }, ], category: "vendor", name: "Jenkins", }, { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2023-6147", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Jenkins. Diese Fehler bestehen in mehreren Komponenten wie der args4j-Bibliothek, dem WebSocket und mehreren Plugins. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Cross-Site Scripting (XSS)-Angriffe durchzuführen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T032328", "67646", "T032329", ], }, release_date: "2024-01-24T23:00:00.000+00:00", title: "CVE-2023-6147", }, { cve: "CVE-2023-6148", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Jenkins. Diese Fehler bestehen in mehreren Komponenten wie der args4j-Bibliothek, dem WebSocket und mehreren Plugins. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Cross-Site Scripting (XSS)-Angriffe durchzuführen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T032328", "67646", "T032329", ], }, release_date: "2024-01-24T23:00:00.000+00:00", title: "CVE-2023-6148", }, { cve: "CVE-2024-23897", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Jenkins. Diese Fehler bestehen in mehreren Komponenten wie der args4j-Bibliothek, dem WebSocket und mehreren Plugins. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Cross-Site Scripting (XSS)-Angriffe durchzuführen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T032328", "67646", "T032329", ], }, release_date: "2024-01-24T23:00:00.000+00:00", title: "CVE-2024-23897", }, { cve: "CVE-2024-23898", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Jenkins. Diese Fehler bestehen in mehreren Komponenten wie der args4j-Bibliothek, dem WebSocket und mehreren Plugins. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Cross-Site Scripting (XSS)-Angriffe durchzuführen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T032328", "67646", "T032329", ], }, release_date: "2024-01-24T23:00:00.000+00:00", title: "CVE-2024-23898", }, { cve: "CVE-2024-23899", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Jenkins. Diese Fehler bestehen in mehreren Komponenten wie der args4j-Bibliothek, dem WebSocket und mehreren Plugins. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Cross-Site Scripting (XSS)-Angriffe durchzuführen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T032328", "67646", "T032329", ], }, release_date: "2024-01-24T23:00:00.000+00:00", title: "CVE-2024-23899", }, { cve: "CVE-2024-23900", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Jenkins. Diese Fehler bestehen in mehreren Komponenten wie der args4j-Bibliothek, dem WebSocket und mehreren Plugins. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Cross-Site Scripting (XSS)-Angriffe durchzuführen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T032328", "67646", "T032329", ], }, release_date: "2024-01-24T23:00:00.000+00:00", title: "CVE-2024-23900", }, { cve: "CVE-2024-23901", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Jenkins. Diese Fehler bestehen in mehreren Komponenten wie der args4j-Bibliothek, dem WebSocket und mehreren Plugins. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Cross-Site Scripting (XSS)-Angriffe durchzuführen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T032328", "67646", "T032329", ], }, release_date: "2024-01-24T23:00:00.000+00:00", title: "CVE-2024-23901", }, { cve: "CVE-2024-23902", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Jenkins. Diese Fehler bestehen in mehreren Komponenten wie der args4j-Bibliothek, dem WebSocket und mehreren Plugins. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Cross-Site Scripting (XSS)-Angriffe durchzuführen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T032328", "67646", "T032329", ], }, release_date: "2024-01-24T23:00:00.000+00:00", title: "CVE-2024-23902", }, { cve: "CVE-2024-23903", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Jenkins. Diese Fehler bestehen in mehreren Komponenten wie der args4j-Bibliothek, dem WebSocket und mehreren Plugins. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Cross-Site Scripting (XSS)-Angriffe durchzuführen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T032328", "67646", "T032329", ], }, release_date: "2024-01-24T23:00:00.000+00:00", title: "CVE-2024-23903", }, { cve: "CVE-2024-23904", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Jenkins. Diese Fehler bestehen in mehreren Komponenten wie der args4j-Bibliothek, dem WebSocket und mehreren Plugins. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Cross-Site Scripting (XSS)-Angriffe durchzuführen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T032328", "67646", "T032329", ], }, release_date: "2024-01-24T23:00:00.000+00:00", title: "CVE-2024-23904", }, { cve: "CVE-2024-23905", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Jenkins. Diese Fehler bestehen in mehreren Komponenten wie der args4j-Bibliothek, dem WebSocket und mehreren Plugins. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, Dateien zu manipulieren oder Cross-Site Scripting (XSS)-Angriffe durchzuführen. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T032328", "67646", "T032329", ], }, release_date: "2024-01-24T23:00:00.000+00:00", title: "CVE-2024-23905", }, ], }
gsd-2024-23899
Vulnerability from gsd
Modified
2024-01-24 06:02
Details
Jenkins Git server Plugin 99.va_0826a_b_cdfa_d and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing attackers with Overall/Read permission to read content from arbitrary files on the Jenkins controller file system.
Aliases
{ gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2024-23899", ], details: "Jenkins Git server Plugin 99.va_0826a_b_cdfa_d and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing attackers with Overall/Read permission to read content from arbitrary files on the Jenkins controller file system.", id: "GSD-2024-23899", modified: "2024-01-24T06:02:25.115922Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "jenkinsci-cert@googlegroups.com", ID: "CVE-2024-23899", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Jenkins Git server Plugin", version: { version_data: [ { version_affected: "<=", version_name: "0", version_value: "99.va_0826a_b_cdfa_d", }, ], }, }, ], }, vendor_name: "Jenkins Project", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Jenkins Git server Plugin 99.va_0826a_b_cdfa_d and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing attackers with Overall/Read permission to read content from arbitrary files on the Jenkins controller file system.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319", refsource: "MISC", url: "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319", }, { name: "http://www.openwall.com/lists/oss-security/2024/01/24/6", refsource: "MISC", url: "http://www.openwall.com/lists/oss-security/2024/01/24/6", }, ], }, }, "nvd.nist.gov": { cve: { configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:git_server:*:*:*:*:*:jenkins:*:*", matchCriteriaId: "683B2B65-ECBB-4DE9-9680-8ECC929F74B7", versionEndIncluding: "99.va_0826a_b_cdfa_d", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], descriptions: [ { lang: "en", value: "Jenkins Git server Plugin 99.va_0826a_b_cdfa_d and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing attackers with Overall/Read permission to read content from arbitrary files on the Jenkins controller file system.", }, { lang: "es", value: "El complemento del servidor Jenkins Git 99.va_0826a_b_cdfa_d y versiones anteriores no desactiva una función de su analizador de comandos que reemplaza un carácter '@' seguido de una ruta de archivo en un argumento con el contenido del archivo, permitiendo a atacantes con permiso general/lectura leer contenido de archivos arbitrarios en el sistema de archivos del controlador Jenkins.", }, ], id: "CVE-2024-23899", lastModified: "2024-01-31T18:43:39.183", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-01-24T18:15:09.467", references: [ { source: "jenkinsci-cert@googlegroups.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2024/01/24/6", }, { source: "jenkinsci-cert@googlegroups.com", tags: [ "Vendor Advisory", ], url: "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319", }, ], sourceIdentifier: "jenkinsci-cert@googlegroups.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }, }, }, }
ghsa-vph5-2q33-7r9h
Vulnerability from github
Published
2024-01-24 18:31
Modified
2024-01-31 21:45
Severity ?
Summary
Arbitrary file read vulnerability in Git server Plugin can lead to RCE
Details
Jenkins Git server Plugin uses the args4j library to parse command arguments and options on the Jenkins controller when processing Git commands received via SSH. This command parser has a feature that replaces an @ character followed by a file path in an argument with the file’s contents (expandAtFiles). This feature is enabled by default and Git server Plugin 99.va_0826a_b_cdfa_d and earlier does not disable it.
This allows attackers with Overall/Read permission to read the first two lines of arbitrary files on the Jenkins controller file system using the default character encoding of the Jenkins controller process.
See SECURITY-3314 for further information about the potential impact of being able to read files on the Jenkins controller, as well as the limitations for reading binary files. Note that for this issue, unlike SECURITY-3314, attackers need Overall/Read permission.
Fix Description
Git server Plugin 99.101.v720e86326c09 disables the command parser feature that replaces an @ character followed by a file path in an argument with the file’s contents for CLI commands.
Workaround
Navigate to Manage Jenkins » Security and ensure that the SSHD Port setting in the SSH Server section is set to Disable. This disables access to Git repositories hosted by Jenkins (and the Jenkins CLI) via SSH.
{ affected: [ { package: { ecosystem: "Maven", name: "org.jenkins-ci.plugins:git-server", }, ranges: [ { events: [ { introduced: "0", }, { fixed: "99.101.v720e86326c09", }, ], type: "ECOSYSTEM", }, ], }, ], aliases: [ "CVE-2024-23899", ], database_specific: { cwe_ids: [], github_reviewed: true, github_reviewed_at: "2024-01-24T21:45:58Z", nvd_published_at: "2024-01-24T18:15:09Z", severity: "HIGH", }, details: "Jenkins Git server Plugin uses the [args4j](https://github.com/kohsuke/args4j) library to parse command arguments and options on the Jenkins controller when processing Git commands received via SSH. This command parser has a feature that replaces an @ character followed by a file path in an argument with the file’s contents (`expandAtFiles`). This feature is enabled by default and Git server Plugin 99.va_0826a_b_cdfa_d and earlier does not disable it.\n\nThis allows attackers with Overall/Read permission to read the first two lines of arbitrary files on the Jenkins controller file system using the default character encoding of the Jenkins controller process.\n\nSee [SECURITY-3314](https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314) for further information about the potential impact of being able to read files on the Jenkins controller, as well as the [limitations for reading binary files](https://www.jenkins.io/security/advisory/2024-01-24/#binary-files-note). Note that for this issue, unlike SECURITY-3314, attackers need Overall/Read permission.\n\n## Fix Description\nGit server Plugin 99.101.v720e86326c09 disables the command parser feature that replaces an @ character followed by a file path in an argument with the file’s contents for CLI commands.\n\n## Workaround\nNavigate to Manage Jenkins » Security and ensure that the SSHD Port setting in the SSH Server section is set to Disable. This disables access to Git repositories hosted by Jenkins (and the Jenkins CLI) via SSH.", id: "GHSA-vph5-2q33-7r9h", modified: "2024-01-31T21:45:31Z", published: "2024-01-24T18:31:02Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-23899", }, { type: "WEB", url: "https://github.com/jenkinsci/git-server-plugin/commit/068ac7cc2574882ef9f5a486e001228a71d881ad", }, { type: "PACKAGE", url: "https://github.com/jenkinsci/git-server-plugin", }, { type: "WEB", url: "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319", }, { type: "WEB", url: "http://www.openwall.com/lists/oss-security/2024/01/24/6", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", type: "CVSS_V3", }, ], summary: "Arbitrary file read vulnerability in Git server Plugin can lead to RCE", }
fkie_cve-2024-23899
Vulnerability from fkie_nvd
Published
2024-01-24 18:15
Modified
2024-11-21 08:58
Severity ?
Summary
Jenkins Git server Plugin 99.va_0826a_b_cdfa_d and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing attackers with Overall/Read permission to read content from arbitrary files on the Jenkins controller file system.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| jenkinsci-cert@googlegroups.com | http://www.openwall.com/lists/oss-security/2024/01/24/6 | Mailing List, Third Party Advisory | |
| jenkinsci-cert@googlegroups.com | https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2024/01/24/6 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| jenkins | git_server | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:git_server:*:*:*:*:*:jenkins:*:*", matchCriteriaId: "683B2B65-ECBB-4DE9-9680-8ECC929F74B7", versionEndIncluding: "99.va_0826a_b_cdfa_d", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Jenkins Git server Plugin 99.va_0826a_b_cdfa_d and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing attackers with Overall/Read permission to read content from arbitrary files on the Jenkins controller file system.", }, { lang: "es", value: "El complemento del servidor Jenkins Git 99.va_0826a_b_cdfa_d y versiones anteriores no desactiva una función de su analizador de comandos que reemplaza un carácter '@' seguido de una ruta de archivo en un argumento con el contenido del archivo, permitiendo a atacantes con permiso general/lectura leer contenido de archivos arbitrarios en el sistema de archivos del controlador Jenkins.", }, ], id: "CVE-2024-23899", lastModified: "2024-11-21T08:58:40.040", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-01-24T18:15:09.467", references: [ { source: "jenkinsci-cert@googlegroups.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2024/01/24/6", }, { source: "jenkinsci-cert@googlegroups.com", tags: [ "Vendor Advisory", ], url: "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2024/01/24/6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319", }, ], sourceIdentifier: "jenkinsci-cert@googlegroups.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.