WID-SEC-W-2023-0432
PUBLISHED
A remote, anonymous attacker can exploit multiple vulnerabilities in Jenkins to bypass security measures, manipulate files, or conduct a cross-site scripting attack.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jenkins | Jenkins plugins | |
| Red Hat | Enterprise Linux | |
| Red Hat | OpenShift Container Platform | 4.12 |
| Jenkins | Jenkins | < LTS 2.303.2 |
| Jenkins | Jenkins | < 2.315 |
Timeline
- Oct 6, 2021 CVE Published
- Feb 20, 2023 CVE Updated
- Apr 2, 2026 Distribution Patch
- Apr 2, 2026 Distribution Patch
- Apr 2, 2026 Distribution Patch
References
- https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2023-0432.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0432 advisory
- https://access.redhat.com/errata/RHSA-2023:0769 url
- https://www.jenkins.io/security/advisory/2021-10-06/ url
- https://access.redhat.com/errata/RHSA-2022:0055 url
- https://access.redhat.com/errata/RHSA-2022:0056 url