Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Openshift_container_platform
(Redhat)| Repositories |
• https://github.com/FasterXML/jackson-databind
• https://github.com/torvalds/linux • https://github.com/Perl/perl5 • https://github.com/evanphx/json-patch • https://github.com/ansible/ansible |
| #Vulnerabilities | 229 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-03-08 | CVE-2019-1003034 | A sandbox bypass vulnerability exists in Jenkins Job DSL Plugin 1.71 and earlier in job-dsl-core/src/main/groovy/javaposse/jobdsl/dsl/AbstractDslScriptLoader.groovy, job-dsl-plugin/build.gradle, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/JobDslWhitelist.groovy, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/SandboxDslScriptLoader.groovy that allows attackers with control over Job DSL definitions to execute arbitrary code on the Jenkins master JVM. | Job_dsl, Openshift_container_platform | 9.9 | ||
| 2019-03-28 | CVE-2019-1003040 | A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts. | Script_security, Openshift_container_platform | 9.8 | ||
| 2019-03-28 | CVE-2019-1003041 | A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts. | Pipeline\:_groovy, Openshift_container_platform | 9.8 | ||
| 2019-04-10 | CVE-2019-1003049 | Users who cached their CLI authentication before Jenkins was updated to 2.150.2 and newer, or 2.160 and newer, would remain authenticated in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, because the fix for CVE-2019-1003004 in these releases did not reject existing remoting-based CLI authentication caches. | Jenkins, Communications_cloud_native_core_automated_test_suite, Openshift_container_platform | 8.1 | ||
| 2019-04-10 | CVE-2019-1003050 | The f:validateButton form control for the Jenkins UI did not properly escape job URLs in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, resulting in a cross-site scripting (XSS) vulnerability exploitable by users with the ability to control job names. | Jenkins, Communications_cloud_native_core_automated_test_suite, Openshift_container_platform | 5.4 | ||
| 2019-07-17 | CVE-2019-10354 | A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information. | Jenkins, Openshift_container_platform | 4.3 | ||
| 2019-07-31 | CVE-2019-10355 | A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of type casts allowed attackers to execute arbitrary code in sandboxed scripts. | Script_security, Openshift_container_platform | 8.8 | ||
| 2019-07-31 | CVE-2019-10356 | A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expressions allowed attackers to execute arbitrary code in sandboxed scripts. | Script_security, Openshift_container_platform | 8.8 | ||
| 2019-07-31 | CVE-2019-10357 | A missing permission check in Jenkins Pipeline: Shared Groovy Libraries Plugin 2.14 and earlier allowed users with Overall/Read access to obtain limited information about the content of SCM repositories referenced by global libraries. | Pipeline\:shared_groovy_libraries, Openshift_container_platform | 4.3 | ||
| 2019-08-28 | CVE-2019-10384 | Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed users to obtain CSRF tokens without an associated web session ID, resulting in CSRF tokens that did not expire and could be used to bypass CSRF protection for the anonymous user. | Jenkins, Communications_cloud_native_core_automated_test_suite, Openshift_container_platform | 8.8 |