Action not permitted
Modal body text goes here.
cve-2024-34145
Vulnerability from cvelistv5
▼ | Vendor | Product |
---|---|---|
Jenkins Project | Jenkins Script Security Plugin |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:jenkins:script_security:*:*:*:*:*:jenkins:*:*" ], "defaultStatus": "unknown", "product": "script_security", "vendor": "jenkins", "versions": [ { "lessThanOrEqual": "1335.vf07d9ce377a_e", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-34145", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-02T15:32:34.219525Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-290", "description": "CWE-290 Authentication Bypass by Spoofing", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-06T18:23:32.356Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T02:43:00.455Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Jenkins Security Advisory 2024-05-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/05/02/3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Jenkins Script Security Plugin", "vendor": "Jenkins Project", "versions": [ { "lessThanOrEqual": "1335.vf07d9ce377a_e", "status": "affected", "version": "0", "versionType": "maven" } ] } ], "descriptions": [ { "lang": "en", "value": "A sandbox bypass vulnerability involving sandbox-defined classes that shadow specific non-sandbox-defined classes in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM." } ], "providerMetadata": { "dateUpdated": "2024-05-02T13:28:03.965Z", "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "shortName": "jenkins" }, "references": [ { "name": "Jenkins Security Advisory 2024-05-02", "tags": [ "vendor-advisory" ], "url": "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341" }, { "url": "http://www.openwall.com/lists/oss-security/2024/05/02/3" } ] } }, "cveMetadata": { "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "assignerShortName": "jenkins", "cveId": "CVE-2024-34145", "datePublished": "2024-05-02T13:28:03.965Z", "dateReserved": "2024-04-30T20:53:08.612Z", "dateUpdated": "2024-08-02T02:43:00.455Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2024-34145\",\"sourceIdentifier\":\"jenkinsci-cert@googlegroups.com\",\"published\":\"2024-05-02T14:15:10.330\",\"lastModified\":\"2024-07-03T01:59:26.520\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A sandbox bypass vulnerability involving sandbox-defined classes that shadow specific non-sandbox-defined classes in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de omisi\u00f3n de la sandbox que involucra clases definidas en la sandbox que ocultan clases espec\u00edficas no definidas en la sandbox en Jenkins Script Security Plugin 1335.vf07d9ce377a_e y versiones anteriores permite a atacantes con permiso para definir y ejecutar scripts en la sandbox, incluidos Pipelines, para eludir la protecci\u00f3n de la sandbox y ejecutar de forma arbitraria. c\u00f3digo en el contexto de la JVM del controlador Jenkins.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-290\"}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2024/05/02/3\",\"source\":\"jenkinsci-cert@googlegroups.com\"},{\"url\":\"https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341\",\"source\":\"jenkinsci-cert@googlegroups.com\"}]}}" } }
rhsa-2024_3636
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Jenkins is a continuous integration server that monitors the execution of\nrecurring jobs, such as software builds or cron jobs.\n\nSecurity fixes:\n\n* jenkins-2-plugins: Git-server plugin has an arbitrary file read\nvulnerability (CVE-2024-23899)\n\n* jenkins-plugin/script-security: Sandbox bypass occurs via crafted\nconstructor bodies (CVE-2024-34144)\n\n* jenkins-plugin/script-security: Sandbox bypass occurs via sandbox-defined\nclasses (CVE-2024-34145)\n\n* jenkins-2-plugins: HTML Publisher plugin has improper input sanitization\n(CVE-2024-28149)\n\n* jetty: Stops accepting new connections from valid clients\n(CVE-2024-22201)\n\n* SSH: Prefix truncation attack on Binary Packet Protocol (BPP)\n(CVE-2023-48795)\n\n* golang-protobuf: Unmarshaling certain forms of invalid JSON in the\nprotojson.Unmarshal function causes an infinite loop in the\nencoding/protojson and internal/encoding/json packages of Golang-protobuf\n(CVE-2024-24786).\n\n* jenkins-2-plugins: Matrix-project plugin has a path traversal\nvulnerability (CVE-2024-23900)\n\nFor more details about these security issues, including their impact, CVSS\nscores, acknowledgments, and other related information, refer to the CVE\npage listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:3636", "url": "https://access.redhat.com/errata/RHSA-2024:3636" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2254210", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210" }, { "category": "external", "summary": "2260183", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260183" }, { "category": "external", "summary": "2260184", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260184" }, { "category": "external", "summary": "2266136", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266136" }, { "category": "external", "summary": "2268046", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268046" }, { "category": "external", "summary": "2268227", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268227" }, { "category": "external", "summary": "2278820", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278820" }, { "category": "external", "summary": "2278821", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278821" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3636.json" } ], "title": "Red Hat Security Advisory: Red Hat Product OCP Tools 4.13 OpenShift Jenkins security update", "tracking": { "current_release_date": "2024-11-15T21:14:59+00:00", "generator": { "date": "2024-11-15T21:14:59+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2024:3636", "initial_release_date": "2024-06-05T14:46:12+00:00", "revision_history": [ { "date": "2024-06-05T14:46:12+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-06-05T14:46:12+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T21:14:59+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "OpenShift Developer Tools and Services for OCP 4.13", "product": { "name": "OpenShift Developer Tools and Services for OCP 4.13", "product_id": "8Base-OCP-Tools-4.13", "product_identification_helper": { "cpe": "cpe:/a:redhat:ocp_tools:4.13::el8" } } } ], "category": "product_family", "name": "OpenShift Jenkins" }, { "branches": [ { "category": "product_version", "name": "jenkins-0:2.440.3.1716445150-3.el8.src", "product": { "name": "jenkins-0:2.440.3.1716445150-3.el8.src", "product_id": "jenkins-0:2.440.3.1716445150-3.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.440.3.1716445150-3.el8?arch=src" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.13.1716445207-1.el8.src", "product": { "name": "jenkins-2-plugins-0:4.13.1716445207-1.el8.src", "product_id": "jenkins-2-plugins-0:4.13.1716445207-1.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.13.1716445207-1.el8?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "jenkins-0:2.440.3.1716445150-3.el8.noarch", "product": { "name": "jenkins-0:2.440.3.1716445150-3.el8.noarch", "product_id": "jenkins-0:2.440.3.1716445150-3.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.440.3.1716445150-3.el8?arch=noarch" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "product": { "name": "jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "product_id": "jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.13.1716445207-1.el8?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.440.3.1716445150-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.13", "product_id": "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch" }, "product_reference": "jenkins-0:2.440.3.1716445150-3.el8.noarch", "relates_to_product_reference": "8Base-OCP-Tools-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.440.3.1716445150-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.13", "product_id": "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src" }, "product_reference": "jenkins-0:2.440.3.1716445150-3.el8.src", "relates_to_product_reference": "8Base-OCP-Tools-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.13", "product_id": "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch" }, "product_reference": "jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "relates_to_product_reference": "8Base-OCP-Tools-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.13.1716445207-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.13", "product_id": "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src" }, "product_reference": "jenkins-2-plugins-0:4.13.1716445207-1.el8.src", "relates_to_product_reference": "8Base-OCP-Tools-4.13" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-48795", "cwe": { "id": "CWE-222", "name": "Truncation of Security-relevant Information" }, "discovery_date": "2023-12-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2254210" } ], "notes": [ { "category": "description", "text": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)", "title": "Vulnerability summary" }, { "category": "other", "text": "This CVE is classified as moderate because the attack requires an active Man-in-the-Middle (MITM) who can intercept and modify the connection\u0027s traffic at the TCP/IP layer.\n\nAlthough the attack is cryptographically innovative, its security impact is fortunately quite limited. It only allows the deletion of consecutive messages, and deleting most messages at this protocol stage prevents user authentication from proceeding, leading to a stalled connection.\n\nThe most significant identified impact is that it enables a MITM to delete the SSH2_MSG_EXT_INFO message sent before authentication begins. This allows the attacker to disable a subset of keystroke timing obfuscation features. However, there is no other observable impact on session secrecy or session integrity.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-48795" }, { "category": "external", "summary": "RHBZ#2254210", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-48795", "url": "https://www.cve.org/CVERecord?id=CVE-2023-48795" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795" }, { "category": "external", "summary": "https://access.redhat.com/solutions/7071748", "url": "https://access.redhat.com/solutions/7071748" }, { "category": "external", "summary": "https://terrapin-attack.com/", "url": "https://terrapin-attack.com/" } ], "release_date": "2023-12-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-05T14:46:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3636" }, { "category": "workaround", "details": "Update to the last version and check that client and server provide kex pseudo-algorithms indicating usage of the updated version of the protocol which is protected from the attack. If \"kex-strict-c-v00@openssh.com\" is provided by clients and \"kex-strict-s-v00@openssh.com\" is in the server\u0027s reply, no other steps are necessary.\n\nDisabling ciphers if necessary:\n\nIf \"kex-strict-c-v00@openssh.com\" is not provided by clients or \"kex-strict-s-v00@openssh.com\" is absent in the server\u0027s reply, you can disable the following ciphers and HMACs as a workaround on RHEL-8 and RHEL-9:\n\n1. chacha20-poly1305@openssh.com\n2. hmac-sha2-512-etm@openssh.com\n3. hmac-sha2-256-etm@openssh.com\n4. hmac-sha1-etm@openssh.com\n5. hmac-md5-etm@openssh.com\n\nTo do that through crypto-policies, one can apply a subpolicy with the following content:\n```\ncipher@SSH = -CHACHA20-POLY1305\nssh_etm = 0\n```\ne.g., by putting these lines into `/etc/crypto-policies/policies/modules/CVE-2023-48795.pmod`, applying the resulting subpolicy with `update-crypto-policies --set $(update-crypto-policies --show):CVE-2023-48795` and restarting openssh server.\n\nOne can verify that the changes are in effect by ensuring the ciphers listed above are missing from both `/etc/crypto-policies/back-ends/openssh.config` and `/etc/crypto-policies/back-ends/opensshserver.config`.\n\nFor more details on using crypto-policies, please refer to https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening\n\nNote that this procedure does limit the interoperability of the host and is only suggested as a temporary mitigation until the issue is fully resolved with an update.\n\nFor RHEL-7: \nWe can recommend to use strict MACs and Ciphers on RHEL7 in both files /etc/ssh/ssh_config and /etc/ssh/sshd_config.\n\nBelow strict set of Ciphers and MACs can be used as mitigation for RHEL 7.\n\n```\nCiphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\nMACs umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512\n```\n\n- For Openshift Container Platform 4:\nPlease refer the KCS[1] document for verifying the fix in RHCOS.\n\n[1] https://access.redhat.com/solutions/7071748", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)" }, { "cve": "CVE-2024-22201", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2024-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2266136" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jetty, a Java based web server and servlet engine. If an HTTP/2 connection gets TCP congested, it remains open and idle, and connections may be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients.", "title": "Vulnerability description" }, { "category": "summary", "text": "jetty: stop accepting new connections from valid clients", "title": "Vulnerability summary" }, { "category": "other", "text": "The issue in Jetty where HTTP/2 connections can enter a congested, idle state and potentially exhaust server file descriptors represents a moderate severity due to its impact on system resources and service availability. While the vulnerability requires the deliberate creation of numerous congested connections by an attacker, its exploitation can lead to denial-of-service conditions by consuming all available file descriptors. This scenario could disrupt legitimate client connections and impair server responsiveness.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-22201" }, { "category": "external", "summary": "RHBZ#2266136", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266136" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-22201", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22201" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-22201", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22201" }, { "category": "external", "summary": "https://github.com/jetty/jetty.project/issues/11256", "url": "https://github.com/jetty/jetty.project/issues/11256" }, { "category": "external", "summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98", "url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98" } ], "release_date": "2024-02-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-05T14:46:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3636" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jetty: stop accepting new connections from valid clients" }, { "cve": "CVE-2024-23899", "cwe": { "id": "CWE-88", "name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)" }, "discovery_date": "2024-01-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2260183" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Git Server Plugin for Jenkins. This issue could allow an attacker to read the first two lines of arbitrary files on the server\u0027s file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins: git-server plugin arbitrary file read vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-23899" }, { "category": "external", "summary": "RHBZ#2260183", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260183" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-23899", "url": "https://www.cve.org/CVERecord?id=CVE-2024-23899" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-23899", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23899" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2024/01/24/6", "url": "http://www.openwall.com/lists/oss-security/2024/01/24/6" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319", "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319" } ], "release_date": "2024-01-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-05T14:46:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3636" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins-2-plugins: git-server plugin arbitrary file read vulnerability" }, { "cve": "CVE-2024-23900", "cwe": { "id": "CWE-23", "name": "Relative Path Traversal" }, "discovery_date": "2024-01-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2260184" } ], "notes": [ { "category": "description", "text": "A flaw was found in The Matrix Project Plugin for Jenkins, which does not sanitize user-defined axis names of multi-configuration projects submitted through the config.xml REST API endpoint. This issue may allow attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system with content not controllable by the attackers.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins: matrix-project plugin path traversal vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-23900" }, { "category": "external", "summary": "RHBZ#2260184", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260184" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-23900", "url": "https://www.cve.org/CVERecord?id=CVE-2024-23900" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-23900", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23900" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2024/01/24/6", "url": "http://www.openwall.com/lists/oss-security/2024/01/24/6" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3289", "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3289" } ], "release_date": "2024-01-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-05T14:46:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3636" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-2-plugins: matrix-project plugin path traversal vulnerability" }, { "cve": "CVE-2024-24786", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2024-03-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2268046" } ], "notes": [ { "category": "description", "text": "A flaw was found in Golang\u0027s protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. This flaw allows an attacker to craft malicious input tailored to trigger the identified flaw in the unmarshal function. By providing carefully constructed invalid inputs, they could potentially cause the function to enter an infinite loop, resulting in a denial of service condition or other unintended behaviors in the affected system.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-24786" }, { "category": "external", "summary": "RHBZ#2268046", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268046" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-24786", "url": "https://www.cve.org/CVERecord?id=CVE-2024-24786" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24786", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24786" }, { "category": "external", "summary": "https://go.dev/cl/569356", "url": "https://go.dev/cl/569356" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/", "url": "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2024-2611", "url": "https://pkg.go.dev/vuln/GO-2024-2611" } ], "release_date": "2024-03-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-05T14:46:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3636" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON" }, { "cve": "CVE-2024-28149", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2024-03-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2268227" } ], "notes": [ { "category": "description", "text": "A flaw was found in jenkins-2-plugins. In the HTML Publisher Plugin 1.16 through 1.32, fallback for reports created in HTML Publisher Plugin 1.15 and earlier does not properly sanitize input. This can allow attackers with Item/Configure permissions to implement stored cross-site scripting (XSS) attacks and determine whether a path on the Jenkins controller file system exists, without being able to access it.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin", "title": "Vulnerability summary" }, { "category": "other", "text": "HTML Publisher Plugin 1.32.1 removes support for reports created before HTML Publisher Plugin 1.15. Those reports are retained on the disk, but may no longer be accessible through the Jenkins UI.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-28149" }, { "category": "external", "summary": "RHBZ#2268227", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268227" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-28149", "url": "https://www.cve.org/CVERecord?id=CVE-2024-28149" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28149", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28149" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3301", "url": "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3301" } ], "release_date": "2024-03-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-05T14:46:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3636" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin" }, { "cve": "CVE-2024-34144", "cwe": { "id": "CWE-693", "name": "Protection Mechanism Failure" }, "discovery_date": "2024-05-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2278820" } ], "notes": [ { "category": "description", "text": "A sandbox bypass vulnerability was found in the Jenkins Script Security Plugin involving crafted constructor bodies, enabling the circumvention of security restrictions. With crafted constructor bodies, this flaw allows authenticated attackers to define and execute sandboxed scripts, including Pipelines, bypassing sandbox protection mechanisms and executing arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe Script Security Plugin features a sandbox functionality designed to enable users with limited privileges to create scripts, including Pipelines, which are generally safe for execution. This security mechanism intercepts calls within sandboxed scripts, referencing various allowlists to decide whether these calls should be permitted.\r\n\r\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include:\r\n\r\n- Exploiting crafted constructor bodies that trigger other constructors, thereby allowing the construction of any subclassable type through implicit casts.\r\n- Utilizing Groovy classes defined within the sandbox that overshadow certain non-sandboxed classes, facilitating the creation of any subclassable type.\r\n\r\nThese vulnerabilities enable attackers, who have the permission to create and execute sandboxed scripts including Pipelines, to circumvent sandbox protections and execute arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe fixed version of this script incorporates enhanced restrictions and sanity checks. These improvements ensure that calls to super constructors are intercepted by the sandbox, including:\r\n\r\n- Ensuring that calls to other constructors via \u0027this\u0027 are now appropriately managed within the sandbox.\r\n- No longer overlooking classes in packages that may be overshadowed by Groovy-defined classes when intercepting super constructor calls.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-plugin/script-security: sandbox bypass via crafted constructor bodies", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a process being able to access resources outside an assigned sandbox.\n\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include exploiting specially crafted constructor bodies, utilizing certain groovy classes.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-34144" }, { "category": "external", "summary": "RHBZ#2278820", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278820" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-34144", "url": "https://www.cve.org/CVERecord?id=CVE-2024-34144" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34144", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34144" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2024/05/02/3", "url": "http://www.openwall.com/lists/oss-security/2024/05/02/3" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", "url": "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341" } ], "release_date": "2024-05-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-05T14:46:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3636" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins-plugin/script-security: sandbox bypass via crafted constructor bodies" }, { "cve": "CVE-2024-34145", "cwe": { "id": "CWE-693", "name": "Protection Mechanism Failure" }, "discovery_date": "2024-05-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2278821" } ], "notes": [ { "category": "description", "text": "A sandbox bypass vulnerability was found in the Jenkins Script Security Plugin within the sandbox-defined classes, enabling the circumvention of security restrictions. This flaw allows authenticated attackers to define and execute sandboxed scripts, including Pipelines, bypassing sandbox protection mechanisms and executing arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe Script Security Plugin features a sandbox functionality designed to enable users with limited privileges to create scripts, including Pipelines, which are generally safe for execution. This security mechanism intercepts calls within sandboxed scripts, referencing various allowlists to decide whether these calls should be permitted.\r\n\r\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include:\r\n\r\n- Exploiting crafted constructor bodies that trigger other constructors, thereby allowing the construction of any subclassable type through implicit casts.\r\n- Utilizing Groovy classes defined within the sandbox that overshadow certain non-sandboxed classes, facilitating the creation of any subclassable type.\r\n\r\nThese vulnerabilities enable attackers, who have the permission to create and execute sandboxed scripts including Pipelines, to circumvent sandbox protections and execute arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe fixed version of this script incorporates enhanced restrictions and sanity checks. These improvements ensure that calls to super constructors are intercepted by the sandbox, including:\r\n\r\n- Ensuring that calls to other constructors via \u0027this\u0027 are now appropriately managed within the sandbox.\r\n- No longer overlooking classes in packages that may be overshadowed by Groovy-defined classes when intercepting super constructor calls.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-plugin/script-security: sandbox bypass via sandbox-defined classes", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a process being able to access resources outside an assigned sandbox.\n\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include exploiting specially crafted constructor bodies, utilizing certain groovy classes.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-34145" }, { "category": "external", "summary": "RHBZ#2278821", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278821" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-34145", "url": "https://www.cve.org/CVERecord?id=CVE-2024-34145" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34145", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34145" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2024/05/02/3", "url": "http://www.openwall.com/lists/oss-security/2024/05/02/3" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", "url": "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341" } ], "release_date": "2024-05-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-05T14:46:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3636" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins-plugin/script-security: sandbox bypass via sandbox-defined classes" } ] }
rhsa-2024_3635
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.12. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Jenkins is a continuous integration server that monitors the execution of recurring jobs, such as software builds or cron jobs.\n\nSecurity fixes:\n\n* jenkins-2-plugins: Git-server plugin has an arbitrary file read vulnerability (CVE-2024-23899)\n\n* jenkins-plugin/script-security: Sandbox bypass occurs via crafted constructor bodies (CVE-2024-34144)\n\n* jenkins-plugin/script-security: Sandbox bypass occurs via sandbox-defined classes (CVE-2024-34145)\n\n* jenkins-2-plugins: HTML Publisher plugin has improper input sanitization (CVE-2024-28149)\n\n* Jetty: Stops accepting new connections from valid clients (CVE-2024-22201)\n\n* SSH: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)\n\n* golang-protobuf: Unmarshaling certain forms of invalid JSON in the protojson.Unmarshal function causes an infinite loop in the encoding/protojson and internal/encoding/json packages of Golang-protobuf (CVE-2024-24786)\n\n* jenkins-2-plugins: Matrix-project plugin has a path traversal vulnerability (CVE-2024-23900)\n\nFor more details about these security issues, including their impact, CVSS scores, acknowledgments, and other related information, refer to the CVE page listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:3635", "url": "https://access.redhat.com/errata/RHSA-2024:3635" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2254210", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210" }, { "category": "external", "summary": "2260183", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260183" }, { "category": "external", "summary": "2260184", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260184" }, { "category": "external", "summary": "2266136", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266136" }, { "category": "external", "summary": "2268046", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268046" }, { "category": "external", "summary": "2268227", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268227" }, { "category": "external", "summary": "2278820", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278820" }, { "category": "external", "summary": "2278821", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278821" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3635.json" } ], "title": "Red Hat Security Advisory: Red Hat Product OCP Tools 4.12 Openshift Jenkins security update", "tracking": { "current_release_date": "2024-11-15T21:14:49+00:00", "generator": { "date": "2024-11-15T21:14:49+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2024:3635", "initial_release_date": "2024-06-05T14:47:22+00:00", "revision_history": [ { "date": "2024-06-05T14:47:22+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-06-05T14:47:22+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T21:14:49+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "OpenShift Developer Tools and Services for OCP 4.12", "product": { "name": "OpenShift Developer Tools and Services for OCP 4.12", "product_id": "8Base-OCP-Tools-4.12", "product_identification_helper": { "cpe": "cpe:/a:redhat:ocp_tools:4.12::el8" } } } ], "category": "product_family", "name": "OpenShift Jenkins" }, { "branches": [ { "category": "product_version", "name": "jenkins-0:2.440.3.1716445200-3.el8.src", "product": { "name": "jenkins-0:2.440.3.1716445200-3.el8.src", "product_id": "jenkins-0:2.440.3.1716445200-3.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.440.3.1716445200-3.el8?arch=src" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.12.1716445211-1.el8.src", "product": { "name": "jenkins-2-plugins-0:4.12.1716445211-1.el8.src", "product_id": "jenkins-2-plugins-0:4.12.1716445211-1.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.12.1716445211-1.el8?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "jenkins-0:2.440.3.1716445200-3.el8.noarch", "product": { "name": "jenkins-0:2.440.3.1716445200-3.el8.noarch", "product_id": "jenkins-0:2.440.3.1716445200-3.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.440.3.1716445200-3.el8?arch=noarch" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "product": { "name": "jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "product_id": "jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.12.1716445211-1.el8?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.440.3.1716445200-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.12", "product_id": "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch" }, "product_reference": "jenkins-0:2.440.3.1716445200-3.el8.noarch", "relates_to_product_reference": "8Base-OCP-Tools-4.12" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.440.3.1716445200-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.12", "product_id": "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src" }, "product_reference": "jenkins-0:2.440.3.1716445200-3.el8.src", "relates_to_product_reference": "8Base-OCP-Tools-4.12" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.12", "product_id": "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch" }, "product_reference": "jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "relates_to_product_reference": "8Base-OCP-Tools-4.12" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.12.1716445211-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.12", "product_id": "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src" }, "product_reference": "jenkins-2-plugins-0:4.12.1716445211-1.el8.src", "relates_to_product_reference": "8Base-OCP-Tools-4.12" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-48795", "cwe": { "id": "CWE-222", "name": "Truncation of Security-relevant Information" }, "discovery_date": "2023-12-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2254210" } ], "notes": [ { "category": "description", "text": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)", "title": "Vulnerability summary" }, { "category": "other", "text": "This CVE is classified as moderate because the attack requires an active Man-in-the-Middle (MITM) who can intercept and modify the connection\u0027s traffic at the TCP/IP layer.\n\nAlthough the attack is cryptographically innovative, its security impact is fortunately quite limited. It only allows the deletion of consecutive messages, and deleting most messages at this protocol stage prevents user authentication from proceeding, leading to a stalled connection.\n\nThe most significant identified impact is that it enables a MITM to delete the SSH2_MSG_EXT_INFO message sent before authentication begins. This allows the attacker to disable a subset of keystroke timing obfuscation features. However, there is no other observable impact on session secrecy or session integrity.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-48795" }, { "category": "external", "summary": "RHBZ#2254210", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-48795", "url": "https://www.cve.org/CVERecord?id=CVE-2023-48795" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795" }, { "category": "external", "summary": "https://access.redhat.com/solutions/7071748", "url": "https://access.redhat.com/solutions/7071748" }, { "category": "external", "summary": "https://terrapin-attack.com/", "url": "https://terrapin-attack.com/" } ], "release_date": "2023-12-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-05T14:47:22+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3635" }, { "category": "workaround", "details": "Update to the last version and check that client and server provide kex pseudo-algorithms indicating usage of the updated version of the protocol which is protected from the attack. If \"kex-strict-c-v00@openssh.com\" is provided by clients and \"kex-strict-s-v00@openssh.com\" is in the server\u0027s reply, no other steps are necessary.\n\nDisabling ciphers if necessary:\n\nIf \"kex-strict-c-v00@openssh.com\" is not provided by clients or \"kex-strict-s-v00@openssh.com\" is absent in the server\u0027s reply, you can disable the following ciphers and HMACs as a workaround on RHEL-8 and RHEL-9:\n\n1. chacha20-poly1305@openssh.com\n2. hmac-sha2-512-etm@openssh.com\n3. hmac-sha2-256-etm@openssh.com\n4. hmac-sha1-etm@openssh.com\n5. hmac-md5-etm@openssh.com\n\nTo do that through crypto-policies, one can apply a subpolicy with the following content:\n```\ncipher@SSH = -CHACHA20-POLY1305\nssh_etm = 0\n```\ne.g., by putting these lines into `/etc/crypto-policies/policies/modules/CVE-2023-48795.pmod`, applying the resulting subpolicy with `update-crypto-policies --set $(update-crypto-policies --show):CVE-2023-48795` and restarting openssh server.\n\nOne can verify that the changes are in effect by ensuring the ciphers listed above are missing from both `/etc/crypto-policies/back-ends/openssh.config` and `/etc/crypto-policies/back-ends/opensshserver.config`.\n\nFor more details on using crypto-policies, please refer to https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening\n\nNote that this procedure does limit the interoperability of the host and is only suggested as a temporary mitigation until the issue is fully resolved with an update.\n\nFor RHEL-7: \nWe can recommend to use strict MACs and Ciphers on RHEL7 in both files /etc/ssh/ssh_config and /etc/ssh/sshd_config.\n\nBelow strict set of Ciphers and MACs can be used as mitigation for RHEL 7.\n\n```\nCiphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\nMACs umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512\n```\n\n- For Openshift Container Platform 4:\nPlease refer the KCS[1] document for verifying the fix in RHCOS.\n\n[1] https://access.redhat.com/solutions/7071748", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)" }, { "cve": "CVE-2024-22201", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2024-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2266136" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jetty, a Java based web server and servlet engine. If an HTTP/2 connection gets TCP congested, it remains open and idle, and connections may be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients.", "title": "Vulnerability description" }, { "category": "summary", "text": "jetty: stop accepting new connections from valid clients", "title": "Vulnerability summary" }, { "category": "other", "text": "The issue in Jetty where HTTP/2 connections can enter a congested, idle state and potentially exhaust server file descriptors represents a moderate severity due to its impact on system resources and service availability. While the vulnerability requires the deliberate creation of numerous congested connections by an attacker, its exploitation can lead to denial-of-service conditions by consuming all available file descriptors. This scenario could disrupt legitimate client connections and impair server responsiveness.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-22201" }, { "category": "external", "summary": "RHBZ#2266136", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266136" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-22201", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22201" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-22201", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22201" }, { "category": "external", "summary": "https://github.com/jetty/jetty.project/issues/11256", "url": "https://github.com/jetty/jetty.project/issues/11256" }, { "category": "external", "summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98", "url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98" } ], "release_date": "2024-02-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-05T14:47:22+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3635" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jetty: stop accepting new connections from valid clients" }, { "cve": "CVE-2024-23899", "cwe": { "id": "CWE-88", "name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)" }, "discovery_date": "2024-01-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2260183" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Git Server Plugin for Jenkins. This issue could allow an attacker to read the first two lines of arbitrary files on the server\u0027s file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins: git-server plugin arbitrary file read vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-23899" }, { "category": "external", "summary": "RHBZ#2260183", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260183" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-23899", "url": "https://www.cve.org/CVERecord?id=CVE-2024-23899" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-23899", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23899" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2024/01/24/6", "url": "http://www.openwall.com/lists/oss-security/2024/01/24/6" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319", "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319" } ], "release_date": "2024-01-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-05T14:47:22+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3635" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins-2-plugins: git-server plugin arbitrary file read vulnerability" }, { "cve": "CVE-2024-23900", "cwe": { "id": "CWE-23", "name": "Relative Path Traversal" }, "discovery_date": "2024-01-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2260184" } ], "notes": [ { "category": "description", "text": "A flaw was found in The Matrix Project Plugin for Jenkins, which does not sanitize user-defined axis names of multi-configuration projects submitted through the config.xml REST API endpoint. This issue may allow attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system with content not controllable by the attackers.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins: matrix-project plugin path traversal vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-23900" }, { "category": "external", "summary": "RHBZ#2260184", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260184" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-23900", "url": "https://www.cve.org/CVERecord?id=CVE-2024-23900" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-23900", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23900" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2024/01/24/6", "url": "http://www.openwall.com/lists/oss-security/2024/01/24/6" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3289", "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3289" } ], "release_date": "2024-01-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-05T14:47:22+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3635" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-2-plugins: matrix-project plugin path traversal vulnerability" }, { "cve": "CVE-2024-24786", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2024-03-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2268046" } ], "notes": [ { "category": "description", "text": "A flaw was found in Golang\u0027s protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. This flaw allows an attacker to craft malicious input tailored to trigger the identified flaw in the unmarshal function. By providing carefully constructed invalid inputs, they could potentially cause the function to enter an infinite loop, resulting in a denial of service condition or other unintended behaviors in the affected system.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-24786" }, { "category": "external", "summary": "RHBZ#2268046", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268046" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-24786", "url": "https://www.cve.org/CVERecord?id=CVE-2024-24786" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24786", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24786" }, { "category": "external", "summary": "https://go.dev/cl/569356", "url": "https://go.dev/cl/569356" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/", "url": "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2024-2611", "url": "https://pkg.go.dev/vuln/GO-2024-2611" } ], "release_date": "2024-03-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-05T14:47:22+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3635" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON" }, { "cve": "CVE-2024-28149", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2024-03-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2268227" } ], "notes": [ { "category": "description", "text": "A flaw was found in jenkins-2-plugins. In the HTML Publisher Plugin 1.16 through 1.32, fallback for reports created in HTML Publisher Plugin 1.15 and earlier does not properly sanitize input. This can allow attackers with Item/Configure permissions to implement stored cross-site scripting (XSS) attacks and determine whether a path on the Jenkins controller file system exists, without being able to access it.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin", "title": "Vulnerability summary" }, { "category": "other", "text": "HTML Publisher Plugin 1.32.1 removes support for reports created before HTML Publisher Plugin 1.15. Those reports are retained on the disk, but may no longer be accessible through the Jenkins UI.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-28149" }, { "category": "external", "summary": "RHBZ#2268227", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268227" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-28149", "url": "https://www.cve.org/CVERecord?id=CVE-2024-28149" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28149", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28149" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3301", "url": "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3301" } ], "release_date": "2024-03-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-05T14:47:22+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3635" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin" }, { "cve": "CVE-2024-34144", "cwe": { "id": "CWE-693", "name": "Protection Mechanism Failure" }, "discovery_date": "2024-05-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2278820" } ], "notes": [ { "category": "description", "text": "A sandbox bypass vulnerability was found in the Jenkins Script Security Plugin involving crafted constructor bodies, enabling the circumvention of security restrictions. With crafted constructor bodies, this flaw allows authenticated attackers to define and execute sandboxed scripts, including Pipelines, bypassing sandbox protection mechanisms and executing arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe Script Security Plugin features a sandbox functionality designed to enable users with limited privileges to create scripts, including Pipelines, which are generally safe for execution. This security mechanism intercepts calls within sandboxed scripts, referencing various allowlists to decide whether these calls should be permitted.\r\n\r\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include:\r\n\r\n- Exploiting crafted constructor bodies that trigger other constructors, thereby allowing the construction of any subclassable type through implicit casts.\r\n- Utilizing Groovy classes defined within the sandbox that overshadow certain non-sandboxed classes, facilitating the creation of any subclassable type.\r\n\r\nThese vulnerabilities enable attackers, who have the permission to create and execute sandboxed scripts including Pipelines, to circumvent sandbox protections and execute arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe fixed version of this script incorporates enhanced restrictions and sanity checks. These improvements ensure that calls to super constructors are intercepted by the sandbox, including:\r\n\r\n- Ensuring that calls to other constructors via \u0027this\u0027 are now appropriately managed within the sandbox.\r\n- No longer overlooking classes in packages that may be overshadowed by Groovy-defined classes when intercepting super constructor calls.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-plugin/script-security: sandbox bypass via crafted constructor bodies", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a process being able to access resources outside an assigned sandbox.\n\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include exploiting specially crafted constructor bodies, utilizing certain groovy classes.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-34144" }, { "category": "external", "summary": "RHBZ#2278820", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278820" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-34144", "url": "https://www.cve.org/CVERecord?id=CVE-2024-34144" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34144", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34144" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2024/05/02/3", "url": "http://www.openwall.com/lists/oss-security/2024/05/02/3" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", "url": "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341" } ], "release_date": "2024-05-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-05T14:47:22+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3635" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins-plugin/script-security: sandbox bypass via crafted constructor bodies" }, { "cve": "CVE-2024-34145", "cwe": { "id": "CWE-693", "name": "Protection Mechanism Failure" }, "discovery_date": "2024-05-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2278821" } ], "notes": [ { "category": "description", "text": "A sandbox bypass vulnerability was found in the Jenkins Script Security Plugin within the sandbox-defined classes, enabling the circumvention of security restrictions. This flaw allows authenticated attackers to define and execute sandboxed scripts, including Pipelines, bypassing sandbox protection mechanisms and executing arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe Script Security Plugin features a sandbox functionality designed to enable users with limited privileges to create scripts, including Pipelines, which are generally safe for execution. This security mechanism intercepts calls within sandboxed scripts, referencing various allowlists to decide whether these calls should be permitted.\r\n\r\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include:\r\n\r\n- Exploiting crafted constructor bodies that trigger other constructors, thereby allowing the construction of any subclassable type through implicit casts.\r\n- Utilizing Groovy classes defined within the sandbox that overshadow certain non-sandboxed classes, facilitating the creation of any subclassable type.\r\n\r\nThese vulnerabilities enable attackers, who have the permission to create and execute sandboxed scripts including Pipelines, to circumvent sandbox protections and execute arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe fixed version of this script incorporates enhanced restrictions and sanity checks. These improvements ensure that calls to super constructors are intercepted by the sandbox, including:\r\n\r\n- Ensuring that calls to other constructors via \u0027this\u0027 are now appropriately managed within the sandbox.\r\n- No longer overlooking classes in packages that may be overshadowed by Groovy-defined classes when intercepting super constructor calls.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-plugin/script-security: sandbox bypass via sandbox-defined classes", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a process being able to access resources outside an assigned sandbox.\n\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include exploiting specially crafted constructor bodies, utilizing certain groovy classes.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-34145" }, { "category": "external", "summary": "RHBZ#2278821", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278821" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-34145", "url": "https://www.cve.org/CVERecord?id=CVE-2024-34145" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34145", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34145" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2024/05/02/3", "url": "http://www.openwall.com/lists/oss-security/2024/05/02/3" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", "url": "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341" } ], "release_date": "2024-05-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-05T14:47:22+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3635" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins-plugin/script-security: sandbox bypass via sandbox-defined classes" } ] }
rhsa-2024_4597
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools\n4.15. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Jenkins is a continuous integration server that monitors the execution of recurring jobs, such as software builds or cron jobs.\n\nSecurity Fix(es):\n\n* jenkins-plugin/script-security: Sandbox bypass via sandbox-defined classes (CVE-2024-34145)\n\n* jenkins-plugin/script-security: Sandbox bypass via crafted constructor bodies (CVE-2024-34144)\n\n* jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin (CVE-2024-28149)\n\n* jenkins-2-plugins: git-server plugin arbitrary file read vulnerability (CVE-2024-23899)\n\n* jetty: Stop accepting new connections from valid clients (CVE-2024-22201)\n\n* ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)\n\n* golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON (CVE-2024-24786)\n\n* jenkins-2-plugins: matrix-project plugin path traversal vulnerability (CVE-2024-23900)\n\n* runc: File descriptor leak (CVE-2024-21626, Leaky-Vessels)\n\n* jenkins-2-plugins: git-server plugin arbitrary file read vulnerability (CVE-2024-23899)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:4597", "url": "https://access.redhat.com/errata/RHSA-2024:4597" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2254210", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210" }, { "category": "external", "summary": "2258725", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258725" }, { "category": "external", "summary": "2260183", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260183" }, { "category": "external", "summary": "2260184", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260184" }, { "category": "external", "summary": "2266136", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266136" }, { "category": "external", "summary": "2268046", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268046" }, { "category": "external", "summary": "2268227", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268227" }, { "category": "external", "summary": "2278820", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278820" }, { "category": "external", "summary": "2278821", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278821" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4597.json" } ], "title": "Red Hat Security Advisory: Red Hat Product OCP Tools 4.15 OpenShift Jenkins security update", "tracking": { "current_release_date": "2024-11-15T21:15:32+00:00", "generator": { "date": "2024-11-15T21:15:32+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2024:4597", "initial_release_date": "2024-07-17T18:49:17+00:00", "revision_history": [ { "date": "2024-07-17T18:49:17+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-07-17T18:49:17+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T21:15:32+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "OpenShift Developer Tools and Services for OCP 4.15", "product": { "name": "OpenShift Developer Tools and Services for OCP 4.15", "product_id": "8Base-OCP-Tools-4.15", "product_identification_helper": { "cpe": "cpe:/a:redhat:ocp_tools:4.15::el8" } } } ], "category": "product_family", "name": "OpenShift Jenkins" }, { "branches": [ { "category": "product_version", "name": "jenkins-0:2.440.3.1718879390-3.el8.src", "product": { "name": "jenkins-0:2.440.3.1718879390-3.el8.src", "product_id": "jenkins-0:2.440.3.1718879390-3.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.440.3.1718879390-3.el8?arch=src" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.15.1718879538-1.el8.src", "product": { "name": "jenkins-2-plugins-0:4.15.1718879538-1.el8.src", "product_id": "jenkins-2-plugins-0:4.15.1718879538-1.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.15.1718879538-1.el8?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "jenkins-0:2.440.3.1718879390-3.el8.noarch", "product": { "name": "jenkins-0:2.440.3.1718879390-3.el8.noarch", "product_id": "jenkins-0:2.440.3.1718879390-3.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.440.3.1718879390-3.el8?arch=noarch" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "product": { "name": "jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "product_id": "jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.15.1718879538-1.el8?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.440.3.1718879390-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.15", "product_id": "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch" }, "product_reference": "jenkins-0:2.440.3.1718879390-3.el8.noarch", "relates_to_product_reference": "8Base-OCP-Tools-4.15" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.440.3.1718879390-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.15", "product_id": "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src" }, "product_reference": "jenkins-0:2.440.3.1718879390-3.el8.src", "relates_to_product_reference": "8Base-OCP-Tools-4.15" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.15", "product_id": "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch" }, "product_reference": "jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "relates_to_product_reference": "8Base-OCP-Tools-4.15" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.15.1718879538-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.15", "product_id": "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" }, "product_reference": "jenkins-2-plugins-0:4.15.1718879538-1.el8.src", "relates_to_product_reference": "8Base-OCP-Tools-4.15" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-48795", "cwe": { "id": "CWE-222", "name": "Truncation of Security-relevant Information" }, "discovery_date": "2023-12-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2254210" } ], "notes": [ { "category": "description", "text": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)", "title": "Vulnerability summary" }, { "category": "other", "text": "This CVE is classified as moderate because the attack requires an active Man-in-the-Middle (MITM) who can intercept and modify the connection\u0027s traffic at the TCP/IP layer.\n\nAlthough the attack is cryptographically innovative, its security impact is fortunately quite limited. It only allows the deletion of consecutive messages, and deleting most messages at this protocol stage prevents user authentication from proceeding, leading to a stalled connection.\n\nThe most significant identified impact is that it enables a MITM to delete the SSH2_MSG_EXT_INFO message sent before authentication begins. This allows the attacker to disable a subset of keystroke timing obfuscation features. However, there is no other observable impact on session secrecy or session integrity.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-48795" }, { "category": "external", "summary": "RHBZ#2254210", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-48795", "url": "https://www.cve.org/CVERecord?id=CVE-2023-48795" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795" }, { "category": "external", "summary": "https://access.redhat.com/solutions/7071748", "url": "https://access.redhat.com/solutions/7071748" }, { "category": "external", "summary": "https://terrapin-attack.com/", "url": "https://terrapin-attack.com/" } ], "release_date": "2023-12-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-17T18:49:17+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4597" }, { "category": "workaround", "details": "Update to the last version and check that client and server provide kex pseudo-algorithms indicating usage of the updated version of the protocol which is protected from the attack. If \"kex-strict-c-v00@openssh.com\" is provided by clients and \"kex-strict-s-v00@openssh.com\" is in the server\u0027s reply, no other steps are necessary.\n\nDisabling ciphers if necessary:\n\nIf \"kex-strict-c-v00@openssh.com\" is not provided by clients or \"kex-strict-s-v00@openssh.com\" is absent in the server\u0027s reply, you can disable the following ciphers and HMACs as a workaround on RHEL-8 and RHEL-9:\n\n1. chacha20-poly1305@openssh.com\n2. hmac-sha2-512-etm@openssh.com\n3. hmac-sha2-256-etm@openssh.com\n4. hmac-sha1-etm@openssh.com\n5. hmac-md5-etm@openssh.com\n\nTo do that through crypto-policies, one can apply a subpolicy with the following content:\n```\ncipher@SSH = -CHACHA20-POLY1305\nssh_etm = 0\n```\ne.g., by putting these lines into `/etc/crypto-policies/policies/modules/CVE-2023-48795.pmod`, applying the resulting subpolicy with `update-crypto-policies --set $(update-crypto-policies --show):CVE-2023-48795` and restarting openssh server.\n\nOne can verify that the changes are in effect by ensuring the ciphers listed above are missing from both `/etc/crypto-policies/back-ends/openssh.config` and `/etc/crypto-policies/back-ends/opensshserver.config`.\n\nFor more details on using crypto-policies, please refer to https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening\n\nNote that this procedure does limit the interoperability of the host and is only suggested as a temporary mitigation until the issue is fully resolved with an update.\n\nFor RHEL-7: \nWe can recommend to use strict MACs and Ciphers on RHEL7 in both files /etc/ssh/ssh_config and /etc/ssh/sshd_config.\n\nBelow strict set of Ciphers and MACs can be used as mitigation for RHEL 7.\n\n```\nCiphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\nMACs umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512\n```\n\n- For Openshift Container Platform 4:\nPlease refer the KCS[1] document for verifying the fix in RHCOS.\n\n[1] https://access.redhat.com/solutions/7071748", "product_ids": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)" }, { "acknowledgments": [ { "names": [ "The Snyk Reseacher Team" ] } ], "cve": "CVE-2024-21626", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2024-01-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2258725" } ], "notes": [ { "category": "description", "text": "A file descriptor leak issue was found in the runc package. While a user performs `O_CLOEXEC` all file descriptors before executing the container code, the file descriptor is open when performing `setcwd(2)`, which means that the reference can be kept alive in the container by configuring the working directory to be a path resolved through the file descriptor. The non-dumpable bit is unset after `execve`, meaning there are multiple ways to attack this other than bad configurations. The only way to defend against it entirely is to close all unneeded file descriptors.", "title": "Vulnerability description" }, { "category": "summary", "text": "runc: file descriptor leak", "title": "Vulnerability summary" }, { "category": "other", "text": "These vulnerabilities not only enable malicious actors to escape containerized environments but also allow for full control over the underlying host system. With the widespread adoption of containerization technologies in both development and production environments, such exploits pose significant risks to data integrity, confidentiality, and system stability.\n\nOpenShift Container Platform ships with SELinux in targeted enforcing mode, which prevents the container processes from accessing host content and mitigates this attack, and disabling SELinux on the Openshift container platform is not supported. Hence, the impact of the Openshift Container Platform is reduced to Moderate.\n\nFor multicluster-engine (MCE) vulnerable versions of buildkit and runc are part of installed version of oc. However, they are not affecting the higher-level assisted-installer binary in MCE. The presence of these dependencies in the container does not imply a security risk to the containerized application itself, as it is based on low-level packages included in the oc binary, and the impact to the container\u0027s core functionality is minimal.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-21626" }, { "category": "external", "summary": "RHBZ#2258725", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258725" }, { "category": "external", "summary": "RHSB-2024-001", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-001" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-21626", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21626" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21626", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21626" }, { "category": "external", "summary": "https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv", "url": "https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv" } ], "release_date": "2024-01-31T20:01:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-17T18:49:17+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4597" }, { "category": "workaround", "details": "Red Hat Enterprise Linux (RHEL) and OpenShift ships with SELinux in targeted enforcing mode, which prevents the container processes from accessing host content and mitigates this attack. Dockerfiles can be inspected on the \u0027RUN\u0027\u00a0and \u0027WORKDIR\u0027 directives to ensure that there are no escapes or malicious paths, which are an indication of compromise. Limiting access and only using trusted container images can help prevent unauthorized access and malicious attacks.", "product_ids": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "runc: file descriptor leak" }, { "cve": "CVE-2024-22201", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2024-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2266136" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jetty, a Java based web server and servlet engine. If an HTTP/2 connection gets TCP congested, it remains open and idle, and connections may be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients.", "title": "Vulnerability description" }, { "category": "summary", "text": "jetty: stop accepting new connections from valid clients", "title": "Vulnerability summary" }, { "category": "other", "text": "The issue in Jetty where HTTP/2 connections can enter a congested, idle state and potentially exhaust server file descriptors represents a moderate severity due to its impact on system resources and service availability. While the vulnerability requires the deliberate creation of numerous congested connections by an attacker, its exploitation can lead to denial-of-service conditions by consuming all available file descriptors. This scenario could disrupt legitimate client connections and impair server responsiveness.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-22201" }, { "category": "external", "summary": "RHBZ#2266136", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266136" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-22201", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22201" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-22201", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22201" }, { "category": "external", "summary": "https://github.com/jetty/jetty.project/issues/11256", "url": "https://github.com/jetty/jetty.project/issues/11256" }, { "category": "external", "summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98", "url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98" } ], "release_date": "2024-02-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-17T18:49:17+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4597" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jetty: stop accepting new connections from valid clients" }, { "cve": "CVE-2024-23899", "cwe": { "id": "CWE-88", "name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)" }, "discovery_date": "2024-01-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2260183" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Git Server Plugin for Jenkins. This issue could allow an attacker to read the first two lines of arbitrary files on the server\u0027s file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins: git-server plugin arbitrary file read vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-23899" }, { "category": "external", "summary": "RHBZ#2260183", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260183" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-23899", "url": "https://www.cve.org/CVERecord?id=CVE-2024-23899" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-23899", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23899" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2024/01/24/6", "url": "http://www.openwall.com/lists/oss-security/2024/01/24/6" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319", "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319" } ], "release_date": "2024-01-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-17T18:49:17+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4597" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins-2-plugins: git-server plugin arbitrary file read vulnerability" }, { "cve": "CVE-2024-23900", "cwe": { "id": "CWE-23", "name": "Relative Path Traversal" }, "discovery_date": "2024-01-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2260184" } ], "notes": [ { "category": "description", "text": "A flaw was found in The Matrix Project Plugin for Jenkins, which does not sanitize user-defined axis names of multi-configuration projects submitted through the config.xml REST API endpoint. This issue may allow attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system with content not controllable by the attackers.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins: matrix-project plugin path traversal vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-23900" }, { "category": "external", "summary": "RHBZ#2260184", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260184" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-23900", "url": "https://www.cve.org/CVERecord?id=CVE-2024-23900" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-23900", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23900" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2024/01/24/6", "url": "http://www.openwall.com/lists/oss-security/2024/01/24/6" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3289", "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3289" } ], "release_date": "2024-01-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-17T18:49:17+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4597" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-2-plugins: matrix-project plugin path traversal vulnerability" }, { "cve": "CVE-2024-24786", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2024-03-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2268046" } ], "notes": [ { "category": "description", "text": "A flaw was found in Golang\u0027s protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. This flaw allows an attacker to craft malicious input tailored to trigger the identified flaw in the unmarshal function. By providing carefully constructed invalid inputs, they could potentially cause the function to enter an infinite loop, resulting in a denial of service condition or other unintended behaviors in the affected system.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-24786" }, { "category": "external", "summary": "RHBZ#2268046", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268046" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-24786", "url": "https://www.cve.org/CVERecord?id=CVE-2024-24786" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24786", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24786" }, { "category": "external", "summary": "https://go.dev/cl/569356", "url": "https://go.dev/cl/569356" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/", "url": "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2024-2611", "url": "https://pkg.go.dev/vuln/GO-2024-2611" } ], "release_date": "2024-03-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-17T18:49:17+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4597" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON" }, { "cve": "CVE-2024-28149", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2024-03-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2268227" } ], "notes": [ { "category": "description", "text": "A flaw was found in jenkins-2-plugins. In the HTML Publisher Plugin 1.16 through 1.32, fallback for reports created in HTML Publisher Plugin 1.15 and earlier does not properly sanitize input. This can allow attackers with Item/Configure permissions to implement stored cross-site scripting (XSS) attacks and determine whether a path on the Jenkins controller file system exists, without being able to access it.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin", "title": "Vulnerability summary" }, { "category": "other", "text": "HTML Publisher Plugin 1.32.1 removes support for reports created before HTML Publisher Plugin 1.15. Those reports are retained on the disk, but may no longer be accessible through the Jenkins UI.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-28149" }, { "category": "external", "summary": "RHBZ#2268227", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268227" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-28149", "url": "https://www.cve.org/CVERecord?id=CVE-2024-28149" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28149", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28149" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3301", "url": "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3301" } ], "release_date": "2024-03-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-17T18:49:17+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4597" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin" }, { "cve": "CVE-2024-34144", "cwe": { "id": "CWE-693", "name": "Protection Mechanism Failure" }, "discovery_date": "2024-05-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2278820" } ], "notes": [ { "category": "description", "text": "A sandbox bypass vulnerability was found in the Jenkins Script Security Plugin involving crafted constructor bodies, enabling the circumvention of security restrictions. With crafted constructor bodies, this flaw allows authenticated attackers to define and execute sandboxed scripts, including Pipelines, bypassing sandbox protection mechanisms and executing arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe Script Security Plugin features a sandbox functionality designed to enable users with limited privileges to create scripts, including Pipelines, which are generally safe for execution. This security mechanism intercepts calls within sandboxed scripts, referencing various allowlists to decide whether these calls should be permitted.\r\n\r\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include:\r\n\r\n- Exploiting crafted constructor bodies that trigger other constructors, thereby allowing the construction of any subclassable type through implicit casts.\r\n- Utilizing Groovy classes defined within the sandbox that overshadow certain non-sandboxed classes, facilitating the creation of any subclassable type.\r\n\r\nThese vulnerabilities enable attackers, who have the permission to create and execute sandboxed scripts including Pipelines, to circumvent sandbox protections and execute arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe fixed version of this script incorporates enhanced restrictions and sanity checks. These improvements ensure that calls to super constructors are intercepted by the sandbox, including:\r\n\r\n- Ensuring that calls to other constructors via \u0027this\u0027 are now appropriately managed within the sandbox.\r\n- No longer overlooking classes in packages that may be overshadowed by Groovy-defined classes when intercepting super constructor calls.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-plugin/script-security: sandbox bypass via crafted constructor bodies", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a process being able to access resources outside an assigned sandbox.\n\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include exploiting specially crafted constructor bodies, utilizing certain groovy classes.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-34144" }, { "category": "external", "summary": "RHBZ#2278820", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278820" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-34144", "url": "https://www.cve.org/CVERecord?id=CVE-2024-34144" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34144", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34144" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2024/05/02/3", "url": "http://www.openwall.com/lists/oss-security/2024/05/02/3" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", "url": "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341" } ], "release_date": "2024-05-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-17T18:49:17+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4597" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins-plugin/script-security: sandbox bypass via crafted constructor bodies" }, { "cve": "CVE-2024-34145", "cwe": { "id": "CWE-693", "name": "Protection Mechanism Failure" }, "discovery_date": "2024-05-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2278821" } ], "notes": [ { "category": "description", "text": "A sandbox bypass vulnerability was found in the Jenkins Script Security Plugin within the sandbox-defined classes, enabling the circumvention of security restrictions. This flaw allows authenticated attackers to define and execute sandboxed scripts, including Pipelines, bypassing sandbox protection mechanisms and executing arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe Script Security Plugin features a sandbox functionality designed to enable users with limited privileges to create scripts, including Pipelines, which are generally safe for execution. This security mechanism intercepts calls within sandboxed scripts, referencing various allowlists to decide whether these calls should be permitted.\r\n\r\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include:\r\n\r\n- Exploiting crafted constructor bodies that trigger other constructors, thereby allowing the construction of any subclassable type through implicit casts.\r\n- Utilizing Groovy classes defined within the sandbox that overshadow certain non-sandboxed classes, facilitating the creation of any subclassable type.\r\n\r\nThese vulnerabilities enable attackers, who have the permission to create and execute sandboxed scripts including Pipelines, to circumvent sandbox protections and execute arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe fixed version of this script incorporates enhanced restrictions and sanity checks. These improvements ensure that calls to super constructors are intercepted by the sandbox, including:\r\n\r\n- Ensuring that calls to other constructors via \u0027this\u0027 are now appropriately managed within the sandbox.\r\n- No longer overlooking classes in packages that may be overshadowed by Groovy-defined classes when intercepting super constructor calls.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-plugin/script-security: sandbox bypass via sandbox-defined classes", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a process being able to access resources outside an assigned sandbox.\n\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include exploiting specially crafted constructor bodies, utilizing certain groovy classes.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-34145" }, { "category": "external", "summary": "RHBZ#2278821", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278821" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-34145", "url": "https://www.cve.org/CVERecord?id=CVE-2024-34145" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34145", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34145" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2024/05/02/3", "url": "http://www.openwall.com/lists/oss-security/2024/05/02/3" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", "url": "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341" } ], "release_date": "2024-05-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-17T18:49:17+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4597" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins-plugin/script-security: sandbox bypass via sandbox-defined classes" } ] }
rhsa-2024_3634
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for Openshift Jenkins is now available for Red Hat Product OCP Tools 4.14. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Jenkins is a continuous integration server that monitors the execution of\nrecurring jobs, such as software builds or cron jobs.\n\nSecurity fixes:\n\n* jenkins-2-plugins: Git-server plugin has an arbitrary file read\nvulnerability (CVE-2024-23899)\n\n* jenkins-plugin/script-security: Sandbox bypass occurs via crafted\nconstructor bodies (CVE-2024-34144)\n\n* jenkins-plugin/script-security: Sandbox bypass occurs via sandbox-defined\nclasses (CVE-2024-34145)\n\n* jenkins-2-plugins: HTML Publisher plugin has improper input sanitization\n(CVE-2024-28149)\n\n* jetty: Stops accepting new connections from valid clients\n(CVE-2024-22201)\n\n* SSH: Prefix truncation attack on Binary Packet Protocol (BPP)\n(CVE-2023-48795)\n\n* golang-protobuf: Unmarshaling certain forms of invalid JSON in the\nprotojson.Unmarshal function causes an infinite loop in the\nencoding/protojson and internal/encoding/json packages of Golang-protobuf\n(CVE-2024-24786)\n\n* jenkins-2-plugins: Matrix-project plugin has a path traversal\nvulnerability (CVE-2024-23900)\n\nFor more details about these security issues, including their impact, CVSS\nscores, acknowledgments, and other related information, refer to the CVE\npage listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:3634", "url": "https://access.redhat.com/errata/RHSA-2024:3634" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2254210", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210" }, { "category": "external", "summary": "2260183", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260183" }, { "category": "external", "summary": "2260184", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260184" }, { "category": "external", "summary": "2266136", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266136" }, { "category": "external", "summary": "2268046", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268046" }, { "category": "external", "summary": "2268227", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268227" }, { "category": "external", "summary": "2278820", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278820" }, { "category": "external", "summary": "2278821", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278821" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3634.json" } ], "title": "Red Hat Security Advisory: Red Hat Product OCP Tools 4.14 OpenShift Jenkins security update", "tracking": { "current_release_date": "2024-11-15T21:14:39+00:00", "generator": { "date": "2024-11-15T21:14:39+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2024:3634", "initial_release_date": "2024-06-05T14:47:02+00:00", "revision_history": [ { "date": "2024-06-05T14:47:02+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-06-05T14:47:02+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T21:14:39+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "OpenShift Developer Tools and Services for OCP 4.14", "product": { "name": "OpenShift Developer Tools and Services for OCP 4.14", "product_id": "8Base-OCP-Tools-4.14", "product_identification_helper": { "cpe": "cpe:/a:redhat:ocp_tools:4.14::el8" } } } ], "category": "product_family", "name": "OpenShift Jenkins" }, { "branches": [ { "category": "product_version", "name": "jenkins-0:2.440.3.1716387933-3.el8.src", "product": { "name": "jenkins-0:2.440.3.1716387933-3.el8.src", "product_id": "jenkins-0:2.440.3.1716387933-3.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.440.3.1716387933-3.el8?arch=src" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.14.1716388016-1.el8.src", "product": { "name": "jenkins-2-plugins-0:4.14.1716388016-1.el8.src", "product_id": "jenkins-2-plugins-0:4.14.1716388016-1.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.14.1716388016-1.el8?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "jenkins-0:2.440.3.1716387933-3.el8.noarch", "product": { "name": "jenkins-0:2.440.3.1716387933-3.el8.noarch", "product_id": "jenkins-0:2.440.3.1716387933-3.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.440.3.1716387933-3.el8?arch=noarch" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "product": { "name": "jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "product_id": "jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.14.1716388016-1.el8?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.440.3.1716387933-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.14", "product_id": "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch" }, "product_reference": "jenkins-0:2.440.3.1716387933-3.el8.noarch", "relates_to_product_reference": "8Base-OCP-Tools-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.440.3.1716387933-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.14", "product_id": "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src" }, "product_reference": "jenkins-0:2.440.3.1716387933-3.el8.src", "relates_to_product_reference": "8Base-OCP-Tools-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.14", "product_id": "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch" }, "product_reference": "jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "relates_to_product_reference": "8Base-OCP-Tools-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.14.1716388016-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.14", "product_id": "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src" }, "product_reference": "jenkins-2-plugins-0:4.14.1716388016-1.el8.src", "relates_to_product_reference": "8Base-OCP-Tools-4.14" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-48795", "cwe": { "id": "CWE-222", "name": "Truncation of Security-relevant Information" }, "discovery_date": "2023-12-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2254210" } ], "notes": [ { "category": "description", "text": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)", "title": "Vulnerability summary" }, { "category": "other", "text": "This CVE is classified as moderate because the attack requires an active Man-in-the-Middle (MITM) who can intercept and modify the connection\u0027s traffic at the TCP/IP layer.\n\nAlthough the attack is cryptographically innovative, its security impact is fortunately quite limited. It only allows the deletion of consecutive messages, and deleting most messages at this protocol stage prevents user authentication from proceeding, leading to a stalled connection.\n\nThe most significant identified impact is that it enables a MITM to delete the SSH2_MSG_EXT_INFO message sent before authentication begins. This allows the attacker to disable a subset of keystroke timing obfuscation features. However, there is no other observable impact on session secrecy or session integrity.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-48795" }, { "category": "external", "summary": "RHBZ#2254210", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-48795", "url": "https://www.cve.org/CVERecord?id=CVE-2023-48795" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795" }, { "category": "external", "summary": "https://access.redhat.com/solutions/7071748", "url": "https://access.redhat.com/solutions/7071748" }, { "category": "external", "summary": "https://terrapin-attack.com/", "url": "https://terrapin-attack.com/" } ], "release_date": "2023-12-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-05T14:47:02+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3634" }, { "category": "workaround", "details": "Update to the last version and check that client and server provide kex pseudo-algorithms indicating usage of the updated version of the protocol which is protected from the attack. If \"kex-strict-c-v00@openssh.com\" is provided by clients and \"kex-strict-s-v00@openssh.com\" is in the server\u0027s reply, no other steps are necessary.\n\nDisabling ciphers if necessary:\n\nIf \"kex-strict-c-v00@openssh.com\" is not provided by clients or \"kex-strict-s-v00@openssh.com\" is absent in the server\u0027s reply, you can disable the following ciphers and HMACs as a workaround on RHEL-8 and RHEL-9:\n\n1. chacha20-poly1305@openssh.com\n2. hmac-sha2-512-etm@openssh.com\n3. hmac-sha2-256-etm@openssh.com\n4. hmac-sha1-etm@openssh.com\n5. hmac-md5-etm@openssh.com\n\nTo do that through crypto-policies, one can apply a subpolicy with the following content:\n```\ncipher@SSH = -CHACHA20-POLY1305\nssh_etm = 0\n```\ne.g., by putting these lines into `/etc/crypto-policies/policies/modules/CVE-2023-48795.pmod`, applying the resulting subpolicy with `update-crypto-policies --set $(update-crypto-policies --show):CVE-2023-48795` and restarting openssh server.\n\nOne can verify that the changes are in effect by ensuring the ciphers listed above are missing from both `/etc/crypto-policies/back-ends/openssh.config` and `/etc/crypto-policies/back-ends/opensshserver.config`.\n\nFor more details on using crypto-policies, please refer to https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening\n\nNote that this procedure does limit the interoperability of the host and is only suggested as a temporary mitigation until the issue is fully resolved with an update.\n\nFor RHEL-7: \nWe can recommend to use strict MACs and Ciphers on RHEL7 in both files /etc/ssh/ssh_config and /etc/ssh/sshd_config.\n\nBelow strict set of Ciphers and MACs can be used as mitigation for RHEL 7.\n\n```\nCiphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\nMACs umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512\n```\n\n- For Openshift Container Platform 4:\nPlease refer the KCS[1] document for verifying the fix in RHCOS.\n\n[1] https://access.redhat.com/solutions/7071748", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)" }, { "cve": "CVE-2024-22201", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2024-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2266136" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jetty, a Java based web server and servlet engine. If an HTTP/2 connection gets TCP congested, it remains open and idle, and connections may be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients.", "title": "Vulnerability description" }, { "category": "summary", "text": "jetty: stop accepting new connections from valid clients", "title": "Vulnerability summary" }, { "category": "other", "text": "The issue in Jetty where HTTP/2 connections can enter a congested, idle state and potentially exhaust server file descriptors represents a moderate severity due to its impact on system resources and service availability. While the vulnerability requires the deliberate creation of numerous congested connections by an attacker, its exploitation can lead to denial-of-service conditions by consuming all available file descriptors. This scenario could disrupt legitimate client connections and impair server responsiveness.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-22201" }, { "category": "external", "summary": "RHBZ#2266136", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266136" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-22201", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22201" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-22201", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22201" }, { "category": "external", "summary": "https://github.com/jetty/jetty.project/issues/11256", "url": "https://github.com/jetty/jetty.project/issues/11256" }, { "category": "external", "summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98", "url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98" } ], "release_date": "2024-02-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-05T14:47:02+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3634" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jetty: stop accepting new connections from valid clients" }, { "cve": "CVE-2024-23899", "cwe": { "id": "CWE-88", "name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)" }, "discovery_date": "2024-01-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2260183" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Git Server Plugin for Jenkins. This issue could allow an attacker to read the first two lines of arbitrary files on the server\u0027s file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins: git-server plugin arbitrary file read vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-23899" }, { "category": "external", "summary": "RHBZ#2260183", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260183" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-23899", "url": "https://www.cve.org/CVERecord?id=CVE-2024-23899" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-23899", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23899" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2024/01/24/6", "url": "http://www.openwall.com/lists/oss-security/2024/01/24/6" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319", "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319" } ], "release_date": "2024-01-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-05T14:47:02+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3634" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins-2-plugins: git-server plugin arbitrary file read vulnerability" }, { "cve": "CVE-2024-23900", "cwe": { "id": "CWE-23", "name": "Relative Path Traversal" }, "discovery_date": "2024-01-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2260184" } ], "notes": [ { "category": "description", "text": "A flaw was found in The Matrix Project Plugin for Jenkins, which does not sanitize user-defined axis names of multi-configuration projects submitted through the config.xml REST API endpoint. This issue may allow attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system with content not controllable by the attackers.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins: matrix-project plugin path traversal vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-23900" }, { "category": "external", "summary": "RHBZ#2260184", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260184" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-23900", "url": "https://www.cve.org/CVERecord?id=CVE-2024-23900" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-23900", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23900" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2024/01/24/6", "url": "http://www.openwall.com/lists/oss-security/2024/01/24/6" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3289", "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3289" } ], "release_date": "2024-01-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-05T14:47:02+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3634" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-2-plugins: matrix-project plugin path traversal vulnerability" }, { "cve": "CVE-2024-24786", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2024-03-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2268046" } ], "notes": [ { "category": "description", "text": "A flaw was found in Golang\u0027s protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. This flaw allows an attacker to craft malicious input tailored to trigger the identified flaw in the unmarshal function. By providing carefully constructed invalid inputs, they could potentially cause the function to enter an infinite loop, resulting in a denial of service condition or other unintended behaviors in the affected system.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-24786" }, { "category": "external", "summary": "RHBZ#2268046", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268046" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-24786", "url": "https://www.cve.org/CVERecord?id=CVE-2024-24786" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24786", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24786" }, { "category": "external", "summary": "https://go.dev/cl/569356", "url": "https://go.dev/cl/569356" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/", "url": "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2024-2611", "url": "https://pkg.go.dev/vuln/GO-2024-2611" } ], "release_date": "2024-03-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-05T14:47:02+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3634" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON" }, { "cve": "CVE-2024-28149", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2024-03-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2268227" } ], "notes": [ { "category": "description", "text": "A flaw was found in jenkins-2-plugins. In the HTML Publisher Plugin 1.16 through 1.32, fallback for reports created in HTML Publisher Plugin 1.15 and earlier does not properly sanitize input. This can allow attackers with Item/Configure permissions to implement stored cross-site scripting (XSS) attacks and determine whether a path on the Jenkins controller file system exists, without being able to access it.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin", "title": "Vulnerability summary" }, { "category": "other", "text": "HTML Publisher Plugin 1.32.1 removes support for reports created before HTML Publisher Plugin 1.15. Those reports are retained on the disk, but may no longer be accessible through the Jenkins UI.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-28149" }, { "category": "external", "summary": "RHBZ#2268227", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268227" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-28149", "url": "https://www.cve.org/CVERecord?id=CVE-2024-28149" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28149", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28149" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3301", "url": "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3301" } ], "release_date": "2024-03-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-05T14:47:02+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3634" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin" }, { "cve": "CVE-2024-34144", "cwe": { "id": "CWE-693", "name": "Protection Mechanism Failure" }, "discovery_date": "2024-05-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2278820" } ], "notes": [ { "category": "description", "text": "A sandbox bypass vulnerability was found in the Jenkins Script Security Plugin involving crafted constructor bodies, enabling the circumvention of security restrictions. With crafted constructor bodies, this flaw allows authenticated attackers to define and execute sandboxed scripts, including Pipelines, bypassing sandbox protection mechanisms and executing arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe Script Security Plugin features a sandbox functionality designed to enable users with limited privileges to create scripts, including Pipelines, which are generally safe for execution. This security mechanism intercepts calls within sandboxed scripts, referencing various allowlists to decide whether these calls should be permitted.\r\n\r\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include:\r\n\r\n- Exploiting crafted constructor bodies that trigger other constructors, thereby allowing the construction of any subclassable type through implicit casts.\r\n- Utilizing Groovy classes defined within the sandbox that overshadow certain non-sandboxed classes, facilitating the creation of any subclassable type.\r\n\r\nThese vulnerabilities enable attackers, who have the permission to create and execute sandboxed scripts including Pipelines, to circumvent sandbox protections and execute arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe fixed version of this script incorporates enhanced restrictions and sanity checks. These improvements ensure that calls to super constructors are intercepted by the sandbox, including:\r\n\r\n- Ensuring that calls to other constructors via \u0027this\u0027 are now appropriately managed within the sandbox.\r\n- No longer overlooking classes in packages that may be overshadowed by Groovy-defined classes when intercepting super constructor calls.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-plugin/script-security: sandbox bypass via crafted constructor bodies", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a process being able to access resources outside an assigned sandbox.\n\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include exploiting specially crafted constructor bodies, utilizing certain groovy classes.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-34144" }, { "category": "external", "summary": "RHBZ#2278820", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278820" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-34144", "url": "https://www.cve.org/CVERecord?id=CVE-2024-34144" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34144", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34144" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2024/05/02/3", "url": "http://www.openwall.com/lists/oss-security/2024/05/02/3" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", "url": "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341" } ], "release_date": "2024-05-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-05T14:47:02+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3634" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins-plugin/script-security: sandbox bypass via crafted constructor bodies" }, { "cve": "CVE-2024-34145", "cwe": { "id": "CWE-693", "name": "Protection Mechanism Failure" }, "discovery_date": "2024-05-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2278821" } ], "notes": [ { "category": "description", "text": "A sandbox bypass vulnerability was found in the Jenkins Script Security Plugin within the sandbox-defined classes, enabling the circumvention of security restrictions. This flaw allows authenticated attackers to define and execute sandboxed scripts, including Pipelines, bypassing sandbox protection mechanisms and executing arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe Script Security Plugin features a sandbox functionality designed to enable users with limited privileges to create scripts, including Pipelines, which are generally safe for execution. This security mechanism intercepts calls within sandboxed scripts, referencing various allowlists to decide whether these calls should be permitted.\r\n\r\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include:\r\n\r\n- Exploiting crafted constructor bodies that trigger other constructors, thereby allowing the construction of any subclassable type through implicit casts.\r\n- Utilizing Groovy classes defined within the sandbox that overshadow certain non-sandboxed classes, facilitating the creation of any subclassable type.\r\n\r\nThese vulnerabilities enable attackers, who have the permission to create and execute sandboxed scripts including Pipelines, to circumvent sandbox protections and execute arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe fixed version of this script incorporates enhanced restrictions and sanity checks. These improvements ensure that calls to super constructors are intercepted by the sandbox, including:\r\n\r\n- Ensuring that calls to other constructors via \u0027this\u0027 are now appropriately managed within the sandbox.\r\n- No longer overlooking classes in packages that may be overshadowed by Groovy-defined classes when intercepting super constructor calls.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-plugin/script-security: sandbox bypass via sandbox-defined classes", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a process being able to access resources outside an assigned sandbox.\n\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include exploiting specially crafted constructor bodies, utilizing certain groovy classes.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-34145" }, { "category": "external", "summary": "RHBZ#2278821", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278821" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-34145", "url": "https://www.cve.org/CVERecord?id=CVE-2024-34145" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34145", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34145" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2024/05/02/3", "url": "http://www.openwall.com/lists/oss-security/2024/05/02/3" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", "url": "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341" } ], "release_date": "2024-05-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-05T14:47:02+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3634" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins-plugin/script-security: sandbox bypass via sandbox-defined classes" } ] }
ghsa-2g4q-9vm9-9fw4
Vulnerability from github
Jenkins Script Security Plugin provides a sandbox feature that allows low privileged users to define scripts, including Pipelines, that are generally safe to execute. Calls to code defined inside a sandboxed script are intercepted, and various allowlists are checked to determine whether the call is to be allowed.
Multiple sandbox bypass vulnerabilities exist in Script Security Plugin 1335.vf07d9ce377a_e and earlier:
-
Crafted constructor bodies that invoke other constructors can be used to construct any subclassable type via implicit casts.
-
Sandbox-defined Groovy classes that shadow specific non-sandbox-defined classes can be used to construct any subclassable type.
These vulnerabilities allow attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
{ "affected": [ { "package": { "ecosystem": "Maven", "name": "org.jenkins-ci.plugins:script-security" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "1336.vf33a" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2024-34145" ], "database_specific": { "cwe_ids": [ "CWE-290" ], "github_reviewed": true, "github_reviewed_at": "2024-05-03T20:17:37Z", "nvd_published_at": "2024-05-02T14:15:10Z", "severity": "HIGH" }, "details": "Jenkins Script Security Plugin provides a sandbox feature that allows low privileged users to define scripts, including Pipelines, that are generally safe to execute. Calls to code defined inside a sandboxed script are intercepted, and various allowlists are checked to determine whether the call is to be allowed.\n\nMultiple sandbox bypass vulnerabilities exist in Script Security Plugin 1335.vf07d9ce377a_e and earlier:\n\n- Crafted constructor bodies that invoke other constructors can be used to construct any subclassable type via implicit casts.\n\n- Sandbox-defined Groovy classes that shadow specific non-sandbox-defined classes can be used to construct any subclassable type.\n\nThese vulnerabilities allow attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.", "id": "GHSA-2g4q-9vm9-9fw4", "modified": "2024-07-03T20:10:05Z", "published": "2024-05-02T15:30:35Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34145" }, { "type": "WEB", "url": "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2024/05/02/3" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ], "summary": "Jenkins Script Security Plugin sandbox bypass vulnerability" }
wid-sec-w-2024-1018
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Jenkins ist ein erweiterbarer, webbasierter Integration Server zur kontinuierlichen Unterst\u00fctzung bei Softwareentwicklungen aller Art.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein Angreifer kann mehrere Schwachstellen in Jenkins ausnutzen, um beliebigen Code im Kontext des Dienstes auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen.", "title": "Angriff" }, { "category": "general", "text": "- Linux\n- UNIX\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-1018 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1018.json" }, { "category": "self", "summary": "WID-SEC-2024-1018 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1018" }, { "category": "external", "summary": "Jenkins Security Advisory vom 2024-05-02", "url": "https://www.jenkins.io/security/advisory/2024-05-02/" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:3634 vom 2024-06-05", "url": "https://access.redhat.com/errata/RHSA-2024:3634" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:3636 vom 2024-06-05", "url": "https://access.redhat.com/errata/RHSA-2024:3636" } ], "source_lang": "en-US", "title": "Jenkins: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-06-05T22:00:00.000+00:00", "generator": { "date": "2024-06-06T08:36:07.150+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2024-1018", "initial_release_date": "2024-05-02T22:00:00.000+00:00", "revision_history": [ { "date": "2024-05-02T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2024-06-05T22:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Red Hat aufgenommen" } ], "status": "final", "version": "2" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Git server Plugin \u003c117.veb_68868fa_027", "product": { "name": "Jenkins Jenkins Git server Plugin \u003c117.veb_68868fa_027", "product_id": "T034519", "product_identification_helper": { "cpe": "cpe:/a:cloudbees:jenkins:git_server_plugin__117.veb_68868fa_027" } } }, { "category": "product_version_range", "name": "Script Security Plugin \u003c1336.vf33a_a_9863911", "product": { "name": "Jenkins Jenkins Script Security Plugin \u003c1336.vf33a_a_9863911", "product_id": "T034520", "product_identification_helper": { "cpe": "cpe:/a:cloudbees:jenkins:script_security_plugin__1336.vf33a_a_9863911" } } }, { "category": "product_version_range", "name": "Subversion Partial Release Manager Plugin \u003c=1.0.1", "product": { "name": "Jenkins Jenkins Subversion Partial Release Manager Plugin \u003c=1.0.1", "product_id": "T034521", "product_identification_helper": { "cpe": "cpe:/a:cloudbees:jenkins:subversion_partial_release_manager_plugin__1.0.1" } } }, { "category": "product_version_range", "name": "Telegram Bot Plugin \u003c=1.4.0", "product": { "name": "Jenkins Jenkins Telegram Bot Plugin \u003c=1.4.0", "product_id": "T034522", "product_identification_helper": { "cpe": "cpe:/a:cloudbees:jenkins:telegram_bot_plugin__1.4.0" } } } ], "category": "product_name", "name": "Jenkins" } ], "category": "vendor", "name": "Jenkins" }, { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-34144", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Jenkins. Diese Fehler bestehen im Script Security Plugin aufgrund eines unsachgem\u00e4\u00dfen Sandbox-Schutzes, der es erlaubt, Skripte mit Sandbox zu definieren und auszuf\u00fchren. Ein entfernter, authentifizierter Angreifer kann den Sandbox-Schutz umgehen und beliebigen Code im Kontext der Jenkins-Controller-JVM ausf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-05-02T22:00:00Z", "title": "CVE-2024-34144" }, { "cve": "CVE-2024-34145", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Jenkins. Diese Fehler bestehen im Script Security Plugin aufgrund eines unsachgem\u00e4\u00dfen Sandbox-Schutzes, der es erlaubt, Skripte mit Sandbox zu definieren und auszuf\u00fchren. Ein entfernter, authentifizierter Angreifer kann den Sandbox-Schutz umgehen und beliebigen Code im Kontext der Jenkins-Controller-JVM ausf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-05-02T22:00:00Z", "title": "CVE-2024-34145" }, { "cve": "CVE-2024-34146", "notes": [ { "category": "description", "text": "Es besteht eine Schwachstelle in Jenkins. Dieser Fehler besteht im Git-Server-Plugin aufgrund einer unzureichenden Berechtigungspr\u00fcfung, die den Zugriff auf Git-Repositories erm\u00f6glicht. Ein entfernter, anonymer Angreifer mit einem zuvor konfigurierten \u00f6ffentlichen SSH-Schl\u00fcssel kann die Sicherheitsma\u00dfnahmen umgehen." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2024-05-02T22:00:00Z", "title": "CVE-2024-34146" }, { "cve": "CVE-2024-34147", "notes": [ { "category": "description", "text": "Es besteht eine Schwachstelle in Jenkins. Dieser Fehler besteht im Telegram Bot Plugin, da unverschl\u00fcsselte Token in der globalen Konfigurationsdatei gespeichert werden. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen." } ], "product_status": { "known_affected": [ "67646" ], "last_affected": [ "T034522" ] }, "release_date": "2024-05-02T22:00:00Z", "title": "CVE-2024-34147" }, { "cve": "CVE-2024-34148", "notes": [ { "category": "description", "text": "Es besteht eine Schwachstelle in Jenkins. Dieser Fehler besteht aufgrund eines falschen Patches f\u00fcr eine fr\u00fchere Schwachstelle im Subversion Partial Release Manager Plugin, der es erm\u00f6glicht, den Sicherheitsschutz zu deaktivieren. Ein entfernter, authentifizierter Angreifer kann diese Schwachstelle ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen." } ], "product_status": { "known_affected": [ "67646" ], "last_affected": [ "T034521" ] }, "release_date": "2024-05-02T22:00:00Z", "title": "CVE-2024-34148" } ] }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.