RHSA-2020:4223: Important: OpenShift Container Platform 3.11.306 jenkins security update
Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
* jetty: Double release of resource can lead to information disclosure (CVE-2019-17638)
* jenkins: User-specified tooltip values leads to stored cross-site scripting (CVE-2020-2229)
* jenkins: Stored XSS vulnerability in project naming strategy (CVE-2020-2230)
* jenkins: Stored XSS vulnerability in 'trigger builds remotely' (CVE-2020-2231)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Frequently Asked Questions
What is the severity of RHSA-2020:4223?
The severity of RHSA-2020:4223 is classified as important.
What vulnerabilities are addressed by RHSA-2020:4223?
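RHSA-2020:4223 addresses CVE-2019-17638, a double release of a resource in Jetty that can lead to information disclosure, and three stored cross-site scripting vulnerabilities in Jenkins: CVE-2020-2229 (user-specified tooltip values), CVE-2020-2230 (project naming strategy), and CVE-2020-2231 ('trigger builds remotely').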
How do I fix RHSA-2020:4223?
To fix RHSA-2020:4223, update Jenkins to version 2.235.5.1600415953-1.el7 or later.
Which versions of Jenkins are affected by RHSA-2020:4223?
RHSA-2020:4223 affects versions of Jenkins prior to 2.235.5.1600415953-1.el7.
What is the risk of not addressing RHSA-2020:4223?
Not addressing RHSA-2020:4223 leaves the system exposed to the information disclosure and stored cross-site scripting vulnerabilities listed in the advisory.