Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2020-2252 CVE-2020-2254 CVE-2020-2255 CVE-2020-2252 CVE-2020-2254 CVE-2020-2255 CVE-2020-2252 CVE-2020-2254 CVE-2020-2255

Source

Synopsis

Moderate: OpenShift Container Platform 3.11.318 jenkins-2-plugins security update

Type/Severity

Security Advisory: Moderate

Topic

An update for jenkins-2-plugins is now available for Red Hat OpenShift Container Platform 3.11.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

Security Fix(es):

jenkins-2-plugins/mailer: Missing hostname validation in Mailer Plugin could result in MITM (CVE-2020-2252)
jenkins-2-plugins/blueocean: Path traversal vulnerability in Blue Ocean Plugin could allow to read arbitrary files (CVE-2020-2254)
jenkins-2-plugins/blueocean: Blue Ocean Plugin does not perform permission checks in several HTTP endpoints implementing connection tests (CVE-2020-2255)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

See the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully
apply this asynchronous errata update:

https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258.

Affected Products

Red Hat OpenShift Container Platform 3.11 x86_64
Red Hat OpenShift Container Platform for Power 3.11 ppc64le

Fixes

BZ - 1880454 - CVE-2020-2252 jenkins-2-plugins/mailer: Missing hostname validation in Mailer Plugin could result in MITM
BZ - 1880456 - CVE-2020-2254 jenkins-2-plugins/blueocean: Path traversal vulnerability in Blue Ocean Plugin could allow to read arbitrary files
BZ - 1880460 - CVE-2020-2255 jenkins-2-plugins/blueocean: Blue Ocean Plugin does not perform permission checks in several HTTP endpoints implementing connection tests.

CVEs

References

https://access.redhat.com/security/updates/classification/#moderate

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook