RHEL 8 : OpenShift Container Platform 4.9.56 (RHSA-2023:0777)
Description

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0777 advisory.

google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization (CVE-2020-7692)
SnakeYaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)
http2-server: Invalid HTTP/2 requests cause DoS (CVE-2022-2048)
snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)
Jenkins plugin: CSRF vulnerability in Script Security Plugin (CVE-2022-30946)
Jenkins plugin: User-scoped credentials exposed to other users by Pipeline SCM API for Blue Ocean Plugin (CVE-2022-30952)
Jenkins plugin: CSRF vulnerability in Blue Ocean Plugin (CVE-2022-30953)
Jenkins plugin: missing permission checks in Blue Ocean Plugin (CVE-2022-30954)
jenkins: Observable timing discrepancy allows determining username validity (CVE-2022-34174)
jenkins-plugin: Cross-site Request Forgery (CSRF) in org.jenkins-ci.plugins:git (CVE-2022-36882)
jenkins plugin: Lack of authentication mechanism in Git Plugin webhook (CVE-2022-36883, CVE-2022-36884)
jenkins plugin: Non-constant time webhook signature comparison in GitHub Plugin (CVE-2022-36885)
jenkins-plugin/script-security: Sandbox bypass vulnerabilities in Jenkins Script Security Plugin (CVE-2022-43401, CVE-2022-43403, CVE-2022-43404)
…
