RHSA-2020:3841: Important: OpenShift Container Platform 4.5.13 jenkins security update
Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.Security Fix(es): jetty: double release of resource can lead to information disclosure (CVE-2019-17638) jenkins: user-specified tooltip values leads to stored cross-site scripting (CVE-2020-2229) jenkins: stored XSS vulnerability in project naming strategy (CVE-2020-2230) jenkins: stored XSS vulnerability in 'trigger builds remotely' (CVE-2020-2231) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2020:3841?
The severity of RHSA-2020:3841 is classified as important due to potential information disclosure.
How do I fix RHSA-2020:3841?
To fix RHSA-2020:3841, update the Jenkins package to version 2.235.5.1600414805-1.el7 or later.
What vulnerabilities are addressed in RHSA-2020:3841?
RHSA-2020:3841 addresses vulnerabilities including CVE-2019-17638 which can lead to information disclosure.
Which versions of Jenkins are affected by RHSA-2020:3841?
Jenkins versions prior to 2.235.5.1600414805-1.el7 are affected by RHSA-2020:3841.
Is RHSA-2020:3841 related to other vulnerabilities?
Yes, RHSA-2020:3841 is related to CVE-2019-17638 and other user-specific vulnerabilities in Jenkins.