RHEL 8 : jenkins and jenkins-2-plugins (RHSA-2023:3299)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3299 advisory. google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization (CVE-2020-7692) kubernetes-client: Insecure deserialization in unmarshalYaml method (CVE-2021-4178) jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877) springframework: Authorization Bypass in RegexRequestMatcher (CVE-2022-22978) com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson (CVE-2022-25647) xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40151) woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152) apache-commons-text: variable interpolation RCE (CVE-2022-42889) jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin (CVE-2023-24422) Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998) jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin (CVE-2023-25761) jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin (CVE-2023-25762) Jenkins: Denial of Service attack (CVE-2023-27900, CVE-2023-27901) Jenkins: Workspace temporary directories accessible through…Read More