Описание
A cross-site request forgery vulnerability exists in Jenkins JUnit Plugin 1.25 and earlier in TestObject.java that allows setting the description of a test result.
Отчет
For Openshift, Jenkins is used within the infrastructure and deployment in OCP. The package is delivered within the technology but not used by default in production environments. It requires additional configuration in running environments which would be mainly use on testing applications being deployed. The update is in the latest version released with Red Hat OpenShift 3.11.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 3.10 | jenkins-2-plugins | Will not fix | ||
| Red Hat OpenShift Container Platform 3.11 | jenkins-2-plugins | Will not fix | ||
| Red Hat OpenShift Container Platform 3.3 | jenkins-plugin-junit | Will not fix | ||
| Red Hat OpenShift Container Platform 3.4 | jenkins-plugin-junit | Will not fix | ||
| Red Hat OpenShift Container Platform 3.5 | jenkins-plugin-junit | Will not fix | ||
| Red Hat OpenShift Container Platform 3.6 | jenkins-2-plugins | Will not fix | ||
| Red Hat OpenShift Container Platform 3.7 | jenkins-2-plugins | Will not fix | ||
| Red Hat OpenShift Container Platform 3.9 | jenkins-2-plugins | Will not fix |
Показывать по
Дополнительная информация
Статус:
EPSS
4.3 Medium
CVSS3
Связанные уязвимости
A cross-site request forgery vulnerability exists in Jenkins JUnit Plugin 1.25 and earlier in TestObject.java that allows setting the description of a test result.
EPSS
4.3 Medium
CVSS3