Security advisory
CloudBees Security Advisory 2020-05-26
This advisory announces vulnerabilities in Jenkins, CloudBees Jenkins Distribution, CloudBees Jenkins Platform and CloudBees Core.
Plugin modifications
-
Jenkins LTS
Upgraded Jenkins LTS from 2.222.2-cb-3 to 2.222.4-cb-1
-
Upgraded OWASP Markup Formatter Plugin from 1.8 to 2.0
-
Upgraded Blue Ocean Plugin from 1.22.0 to 1.23.2
-
Upgraded Bitbucket Pipeline for Blue Ocean from 1.22.0 to 1.23.2
-
Upgraded Common API for Blue Ocean from 1.22.0 to 1.23.2
-
Upgraded Config API for Blue Ocean from 1.22.0 to 1.23.2
-
Upgraded Common javascript libraries/utilities for Blue Ocean from 1.22.0 to 1.23.2
-
Upgraded Dashboard for Blue Ocean from 1.22.0 to 1.23.2
-
Upgraded Events API for Blue Ocean from 1.22.0 to 1.23.2
-
Upgraded Git Pipeline for Blue Ocean from 1.22.0 to 1.23.2
-
Upgraded GitHub Pipeline for Blue Ocean from 1.22.0 to 1.23.2
-
Upgraded i18n for Blue Ocean from 1.22.0 to 1.23.2
-
Upgraded JIRA Integration for Blue Ocean from 1.22.0 to 1.23.2
-
Upgraded JWT for Blue Ocean from 1.22.0 to 1.23.2
-
Upgraded Personalization for Blue Ocean from 1.22.0 to 1.23.2
-
Upgraded Pipeline REST API for Blue Ocean from 1.22.0 to 1.23.2
-
Upgraded Blue Ocean Pipeline Editor from 1.22.0 to 1.23.2
-
Upgraded Pipeline SCM API for Blue Ocean from 1.22.0 to 1.23.2
-
Upgraded REST API for Blue Ocean from 1.22.0 to 1.23.2
-
Upgraded REST Implementation for Blue Ocean from 1.22.0 to 1.23.2
-
Upgraded Web for Blue Ocean from 1.22.0 to 1.23.2
-
Upgraded Branch API Plugin from 2.5.5 to 2.5.6
-
Upgraded CloudBees Analytics Plugin from 1.13 to 1.16
-
Upgraded CloudBees Assurance Plugin from 2.138.0.12 to 2.138.0.13
-
Upgraded CloudBees CyberArk Credentials Provider Plugin from 1.0.4 to 1.0.5
-
Upgraded CloudBees Even Scheduler Plugin from 3.9 to 3.10
-
Upgraded CloudBees Folders Plugin from 6.10.1 to 6.12
-
Upgraded Jenkins Health Advisor by CloudBees Plugin from 3.0.1 to 3.1.0
-
Upgraded CloudBees Fast Archiving Plugin from 5.11 to 5.12
-
Upgraded CloudBees Label Throttling Plugin from 3.7 to 3.8
-
Upgraded CloudBees Monitoring Plugin from 2.8 to 2.9
-
Upgraded CloudBees Nodes Plus Plugin from 1.19 to 1.20
-
Upgraded CloudBees SSH Build Agents Plugin from 2.6 to 2.7
-
Upgraded CloudBees Template Plugin from 4.44 to 4.45
-
Upgraded CloudBees Pipeline: Templates Plugin from 3.5 to 3.6
-
Upgraded Jenkins Configuration as Code Plugin from 1.36 to 1.40
-
Upgraded Copy Artifact Plugin from 1.43.1 to 1.44
-
Upgraded Credentials Plugin from 2.3.3 to 2.3.7
-
Upgraded Credentials Binding Plugin from 1.21 to 1.23
-
Upgraded Declarative Pipeline Migration Assistant from 1.0.3 to 1.1.1
-
Upgraded Declarative Pipeline Migration Assistant API from 1.0.3 to 1.1.1
-
Upgraded Amazon EC2 Plugin from 1.49.1 to 1.50.2
-
Upgraded CloudBees Flow from 1.1.12 to 1.1.14
-
Upgraded GitHub API Plugin from 1.106 to 1.111
-
Upgraded GitHub Branch Source Plugin from 2.6.0 to 2.7.1
-
Upgraded UI library for Blue Ocean from 1.22.0 to 1.23.2
-
Upgraded Kube Agent Management Plugin from 1.1.31 to 1.1.32
-
Upgraded Kubernetes Plugin from 1.25.2 to 1.25.4
-
Upgraded Kubernetes Client API Plugin from 4.8.0-1 to 4.9.1-1
-
Upgraded LDAP Plugin from 1.21 to 1.24
-
Upgraded Mailer Plugin from 1.30 to 1.31
-
Upgraded Maven Plugin from 3.4 to 3.6
-
Upgraded Mercurial Plugin from 2.8 to 2.9
-
Upgraded CloudBees OpenShift CLI plugin from 1.6 to 1.7
-
Upgraded Operations Center Agent Plugin from 2.222.0.2 to 2.222.0.3
-
Upgraded Operations Center Analytics Configuration from 2.107.1.5 to 2.222.0.1
-
Upgraded Operations Center Analytics Reporter Plugin from 2.107.1.5 to 2.222.0.1
-
Upgraded Operations Center Client Plugin from 2.222.0.3 to 2.222.0.5
-
Upgraded Operations Center Context Plugin from 2.222.0.3 to 2.222.0.4
-
Upgraded Run Condition Plugin from 1.2 to 1.3
-
Upgraded Support Core Plugin from 2.67 to 2.68
-
Upgraded CloudBees WikiText Security Plugin from 3.12 to 3.13
-
Upgraded Pipeline Job Plugin from 2.38 to 2.39
-
Upgraded Pipeline SCM Step Plugin from 2.10 to 2.11
Compatible plugins
-
1.50.2 compatible optional
-
CloudBees Docker Build and Publish plugin
1.3.2 compatible optional
-
2.5 compatible optional
-
Jenkins Health Advisor by CloudBees
3.1.0 compatible optional
-
2.11 compatible optional
-
Pipeline SCM API for Blue Ocean
1.23.2 compatible optional
-
1.44 compatible optional
-
2.9 compatible optional
-
1.23.2 compatible optional
-
1.3.1 compatible optional
-
Pipeline: Declarative Extension Points API
1.6.0 compatible optional
-
1.1.14 compatible optional
-
2.69 compatible optional
-
GitHub Pipeline for Blue Ocean
1.23.2 compatible optional
-
1.22 compatible optional
-
External Monitor Job Type Plugin
1.7 compatible optional
-
1.23.2 compatible optional
-
Matrix Authorization Strategy Plugin
2.5 compatible optional
-
2.22 compatible installed by default
-
1.14 compatible optional
-
3.0.15 compatible optional
-
CloudBees AWS Credentials Plugin
1.28 compatible optional
-
1.0.5 compatible optional
-
3.6 compatible optional
-
1.4 compatible installed by default
-
1.13 compatible optional
-
2.13 compatible optional
-
1.23.2 compatible optional
-
2.21 compatible optional
-
Bitbucket Branch Source Plugin
2.7.0 compatible optional
-
Personalization for Blue Ocean
1.23.2 compatible optional
-
1.40 compatible optional
-
1.23.2 compatible optional
-
1.23.2 compatible optional
-
3.4 compatible optional
-
1.2 compatible optional
-
REST Implementation for Blue Ocean
1.23.2 compatible optional
-
JavaScript GUI Lib: ACE Editor bundle plugin
1.1 compatible optional
-
1.23.2 compatible installed by default
-
1.23 compatible optional
-
Pipeline implementation for Blue Ocean
1.23.2 compatible optional
-
0.6.2 compatible optional
-
2.13 compatible optional
-
0.4 compatible optional
-
JIRA Integration for Blue Ocean
1.23.2 compatible optional
-
2.3.0.1 compatible installed by default
-
1.6.0 compatible optional
-
1.8 compatible optional
-
2.2.0 compatible optional
-
2.3.1 compatible optional
-
1.5.1 compatible optional
-
0.11.5 compatible optional
-
2.11 compatible optional
-
Jenkins Apache HttpComponents Client 4.x API Plugin
4.5.10-2.0 compatible installed by default
-
2.3 compatible optional
-
Pipeline: Declarative Agent API
1.1.1 compatible optional
-
1.11.723 compatible optional
-
Oracle Java SE Development Kit Installer Plugin
1.4 compatible installed by default
-
Jenkins Active Directory plugin
2.16 compatible optional
-
1.23.2 compatible optional
-
2.39 compatible optional
-
JavaScript GUI Lib: jQuery bundles (jQuery and jQuery UI) plugin
1.2.1 compatible optional
-
Google Kubernetes Engine Plugin
0.8.1 compatible optional
-
Jenkins Parameterized Trigger plugin
2.35.1 compatible optional
-
Handy Uri Templates 2.x API Plugin
2.1.8-1.0 compatible optional
-
1.111 compatible optional
-
1.23.2 compatible optional
-
4.2.0 compatible optional
-
1.2.9 compatible optional
-
Google OAuth Credentials plugin
1.0.0 compatible optional
-
Stack Trace Suppression Plugin
1.5 compatible optional
-
Jenkins promoted builds plugin
3.5 compatible optional
-
CloudBees Docker Hub/Registry Notification
2.4.0 compatible optional
-
1.5.0 compatible optional
-
1.23.2 compatible optional
-
Jenkins JSch dependency plugin
0.1.55.2 compatible optional
-
AWS Global Configuration Plugin
1.3 compatible optional
-
2.18 compatible installed by default
-
1.6.0 compatible optional
-
1.23.2 compatible optional
-
2.40 compatible installed by default
-
Bitbucket Pipeline for Blue Ocean
1.23.2 compatible optional
-
Server Sent Events (SSE) Gateway Plugin
1.23 compatible optional
-
Azure PublisherSettings Credentials Plugin
1.5 compatible optional
-
1.3.6 compatible optional
-
1.19 compatible optional
-
1.23.2 compatible optional
-
2.3.2 compatible optional
-
2.35 compatible optional
-
1.29.5 compatible optional
-
1.6.0 compatible optional
-
1.23.2 compatible optional
-
JavaScript GUI Lib: Handlebars bundle plugin
1.1.1 compatible optional
-
Pipeline: Shared Groovy Libraries
2.16 compatible optional
-
2.68 compatible installed by default
-
1.19.1 compatible optional
-
4.9.1-1 compatible optional
-
1.3 compatible optional
-
1.12.4-1 compatible optional
-
Pipeline Graph Analysis Plugin
1.10 compatible optional
-
1.34 compatible optional
-
2.19 compatible optional
-
Pipeline: GitHub Groovy Libraries
1.0 compatible optional
-
1.23.2 compatible optional
-
1.6 compatible optional
-
2.9.12 compatible optional
-
JavaScript GUI Lib: Moment.js bundle plugin
1.1.1 compatible optional
-
2.80 compatible optional
-
2.12 compatible optional
-
1.2.4 compatible optional
-
1.16 compatible optional
-
0.3.1 compatible optional
Proprietary plugins
-
9.42 proprietary installed by default
-
Operations Center Notification
1.0 proprietary optional
-
1.2 proprietary optional
-
3.22 proprietary optional
-
User Activity Monitoring Plugin
1.1.5 proprietary optional
-
3.9 proprietary installed by default
-
1.20 proprietary optional
-
CloudBees Amazon Web Services Deploy Engine Plugin
1.18 proprietary optional
-
CloudBees Even Scheduler Plugin
3.10 proprietary optional
-
CloudBees Update Center Data API
4.43 proprietary installed by default
-
CloudBees Blue Ocean Default Theme
0.6 proprietary installed by default
-
1.10 proprietary optional
-
Operations Center Analytics Reporter
2.222.0.1 proprietary optional
-
1.7 proprietary optional
-
CloudBees Fast Archiving Plugin
5.12 proprietary optional
-
CloudBees Restart Aborted Builds Plugin
1.13 proprietary optional
-
CloudBees OpenShift CLI Plugin
1.7 proprietary optional
-
CloudBees WikiText Security Plugin
3.13 proprietary optional
-
Beekeeper Upgrade Assistant Plugin
2.138.0.13 proprietary installed by default
-
2.222.0.3 proprietary installed by default
-
2.9 proprietary optional
-
CloudBees Pull Request Builder for GitHub
1.13 proprietary optional
-
CloudBees SSH Build Agents Plugin
2.7 proprietary optional
-
1.16 proprietary installed by default
-
4.45 proprietary optional
-
CloudBees Pipeline: Groovy Checkpoint Plugin
2.10 proprietary optional
-
CloudBees Git Validated Merge Plugin
3.25 proprietary optional
-
CloudBees Amazon AWS CLI Plugin
1.5.12 proprietary optional
-
1.1.32 proprietary optional
-
2.222.0.2 proprietary optional
-
CloudBees Pipeline: Templates Plugin
3.6 proprietary optional
-
CloudBees Administrative Monitors Plugin
1.0.1 proprietary installed by default
-
1.9 proprietary optional
-
CloudBees VMWare Autoscaling Plugin
4.3.9 proprietary optional
-
CloudBees CyberArk Credentials Provider Plugin
1.0.5 proprietary optional
-
CloudBees Jenkins Enterprise License Entitlement Check
8.27 proprietary installed by default
-
Operations Center Client Plugin
2.222.0.5 proprietary installed by default
-
Operations Center Analytics Configuration
2.222.0.1 proprietary optional
-
2.222.0.4 proprietary installed by default
-
CloudBees View Creation Filter Plugin
1.6 proprietary optional
-
CloudBees Label Throttling Plugin
3.8 proprietary optional
-
CloudBees Long-Running Build Plugin
1.14 proprietary optional
-
CloudBees Pipeline Stage View Extensions
2.4 proprietary optional
-
1.2 proprietary optional
-
3.38.18 proprietary optional
-
CloudBees Role-Based Access Control Plugin
5.32 proprietary installed by default
-
1.6 proprietary optional
-
CloudBees Skip Next Build Plugin
4.5 proprietary optional
Verified plugins
-
2.5.6 verified optional
-
2.3.7 verified installed by default
-
1.18.1 verified optional
-
1.23 verified optional
-
2.10.3 verified installed by default
-
1.11 verified optional
-
2.7.1 verified optional
-
1.25.4 verified optional
-
1.31 verified installed by default
-
Declarative Pipeline Migration Assistant API
1.1.1 verified optional
-
1.0.9.0 verified installed by default
-
1.28 verified installed by default
-
1.26.2 verified installed by default
-
1.6 verified optional
-
2.3.2 verified installed by default
-
1.1.5 verified optional
-
4.0.2.6 verified installed by default
-
3.6.3 verified optional
-
1.20 verified installed by default
-
1.31.2 verified optional
-
1.29 verified optional
-
1.3 verified installed by default
-
2.12 verified installed by default
-
2.6.3 verified installed by default
-
1.24 verified optional
-
4.2.1 verified optional
-
Declarative Pipeline Migration Assistant
1.1.1 verified optional
-
1.3.0 verified optional
-
Secure Requester Whitelist Plugin
1.5 verified optional
-
1.5 verified optional
-
1.7.24.3 verified installed by default
-
1.7 verified optional
-
Authentication Tokens API Plugin
1.3 verified optional
-
3.0.0 verified optional
-
1.71 verified installed by default
-
1.9 verified optional
-
1.36 verified optional
-
1.9 verified optional
-
1.11.2 verified optional
-
2.0 verified optional
-
6.12 verified installed by default