Security advisory
Security advisory
-
CloudBees Security Advisory 2020-04-27
This advisory announces vulnerabilities in Jenkins, CloudBees Jenkins Distribution, CloudBees Jenkins Platform and CloudBees Core.
Plugin modifications
-
Jenkins LTS
Upgraded Jenkins LTS from
2.190.30-cb-2
to2.190.31-cb-1
-
Upgraded CloudBees Template Plugin from
4.43
to4.43.1
-
Upgraded Git Plugin from
3.12.1
to3.12.2
-
Upgraded CloudBees Role-Based Access Control Plugin from
5.28
to5.28.1
-
Upgraded CloudBees VMWare Autoscaling Plugin from
4.3.8
to4.3.9
-
Upgraded Run Condition Plugin from
1.0
to1.2
-
Upgraded Script Security Plugin from
1.66.2
to1.66.3
-
Upgraded CloudBees WikiText Security Plugin from
3.9
to3.12
Compatible plugins
-
2.12 compatible optional
-
1.30 compatible optional
-
Oracle Java SE Development Kit Installer Plugin
1.3 compatible installed by default
-
1.11.594 compatible optional
-
CloudBees Docker Build and Publish plugin
1.3.2 compatible optional
-
2.5 compatible optional
-
2.11 compatible optional
-
1.3.1 compatible optional
-
2.74.1 compatible optional
-
2.12 compatible optional
-
External Monitor Job Type Plugin
1.7 compatible optional
-
REST Implementation for Blue Ocean
1.19.0 compatible optional
-
Bitbucket Branch Source Plugin
2.5.0 compatible optional
-
Matrix Authorization Strategy Plugin
2.5 compatible optional
-
1.14 compatible optional
-
Jenkins Health Advisor by CloudBees
3.0.1 compatible optional
-
Jenkins promoted builds plugin
3.0 compatible optional
-
1.0.5 compatible optional
-
2.34 compatible optional
-
1.19.0 compatible optional
-
2.3.0 compatible optional
-
1.13 compatible optional
-
Pipeline: Declarative Extension Points API
1.3.9 compatible optional
-
2.21 compatible optional
-
2.37 compatible installed by default
-
2.35 compatible optional
-
1.19 compatible optional
-
1.2 compatible optional
-
1.19.0 compatible installed by default
-
1.19.0 compatible optional
-
3.0.11 compatible optional
-
Personalization for Blue Ocean
1.19.0 compatible optional
-
JavaScript GUI Lib: ACE Editor bundle plugin
1.1 compatible optional
-
2.68 compatible optional
-
CloudBees AWS Credentials Plugin
1.27 compatible optional
-
2.17 compatible installed by default
-
1.3 compatible installed by default
-
1.21 compatible optional
-
1.3.9 compatible optional
-
1.2 compatible optional
-
GitHub Pipeline for Blue Ocean
1.19.0 compatible optional
-
2.9 compatible optional
-
1.4.1 compatible optional
-
2.3.0.1 compatible installed by default
-
1.30 compatible optional
-
1.19.0 compatible optional
-
1.19.0 compatible optional
-
1.8 compatible optional
-
2.2.0 compatible optional
-
4.6.0-2 compatible optional
-
2.62.1 compatible installed by default
-
1.19.0 compatible optional
-
Jenkins Apache HttpComponents Client 4.x API Plugin
4.5.10-2.0 compatible installed by default
-
2.3 compatible optional
-
Pipeline: Declarative Agent API
1.1.1 compatible optional
-
Jenkins Active Directory plugin
2.16 compatible optional
-
JavaScript GUI Lib: jQuery bundles (jQuery and jQuery UI) plugin
1.2.1 compatible optional
-
Jenkins Parameterized Trigger plugin
2.35.1 compatible optional
-
1.1.10 compatible optional
-
1.19.0 compatible optional
-
JIRA Integration for Blue Ocean
1.19.0 compatible optional
-
1.19.0 compatible optional
-
1.2.9 compatible optional
-
Stack Trace Suppression Plugin
1.5 compatible optional
-
0.4.1 compatible optional
-
1.19.0 compatible optional
-
1.21 compatible optional
-
CloudBees Docker Hub/Registry Notification
2.4.0 compatible optional
-
1.5.0 compatible optional
-
AWS Global Configuration Plugin
1.3 compatible optional
-
1.19.0 compatible optional
-
1.43 compatible optional
-
Pipeline SCM API for Blue Ocean
1.19.0 compatible optional
-
2.9 compatible optional
-
Azure PublisherSettings Credentials Plugin
1.5 compatible optional
-
Server Sent Events (SSE) Gateway Plugin
1.20 compatible optional
-
1.3.6 compatible optional
-
2.8 compatible optional
-
3.4 compatible optional
-
2.3.2 compatible optional
-
3.3 compatible optional
-
1.95 compatible optional
-
JavaScript GUI Lib: Handlebars bundle plugin
1.1.1 compatible optional
-
2.20 compatible installed by default
-
Jenkins JSch dependency plugin
0.1.55.1 compatible optional
-
Pipeline: Shared Groovy Libraries
2.15 compatible optional
-
1.3.9 compatible optional
-
Handy Uri Templates 2.x API Plugin
2.1.7-1.0 compatible optional
-
1.17 compatible optional
-
1.46.2 compatible optional
-
1.12.4-1 compatible optional
-
Pipeline Graph Analysis Plugin
1.10 compatible optional
-
1.29.4 compatible optional
-
Pipeline implementation for Blue Ocean
1.19.0 compatible optional
-
1.3.9 compatible optional
-
Pipeline: GitHub Groovy Libraries
1.0 compatible optional
-
1.19.0 compatible optional
-
Bitbucket Pipeline for Blue Ocean
1.19.0 compatible optional
-
2.9.12 compatible optional
-
JavaScript GUI Lib: Moment.js bundle plugin
1.1.1 compatible optional
-
1.2.4 compatible optional
-
1.19.0 compatible optional
-
2.18 compatible optional
-
1.19.0 compatible optional
-
1.15 compatible optional
Proprietary plugins
-
Operations Center Notification
1.0 proprietary optional
-
1.2 proprietary optional
-
3.22 proprietary optional
-
User Activity Monitoring Plugin
1.1.5 proprietary optional
-
3.9 proprietary installed by default
-
CloudBees Amazon Web Services Deploy Engine Plugin
1.18 proprietary optional
-
2.8 proprietary optional
-
4.43.1 proprietary optional
-
9.35 proprietary installed by default
-
CloudBees Pipeline: Templates Plugin
3.3 proprietary optional
-
Operations Center Analytics Reporter
2.107.1.5 proprietary optional
-
1.10 proprietary optional
-
CloudBees Label Throttling Plugin
3.7 proprietary optional
-
1.1.18 proprietary optional
-
CloudBees OpenShift CLI Plugin
1.4 proprietary optional
-
1.3 proprietary installed by default
-
CloudBees Update Center Data API
4.42 proprietary installed by default
-
CloudBees Amazon AWS CLI Plugin
1.5.10-1 proprietary optional
-
1.7 proprietary optional
-
CloudBees Pipeline: Groovy Checkpoint Plugin
2.7 proprietary optional
-
CloudBees Blue Ocean Default Theme
0.5 proprietary installed by default
-
CloudBees Role-Based Access Control Plugin
5.28.1 proprietary installed by default
-
CloudBees WikiText Security Plugin
3.12 proprietary optional
-
CloudBees Long-Running Build Plugin
1.13 proprietary optional
-
CloudBees Skip Next Build Plugin
4.2 proprietary optional
-
CloudBees Pull Request Builder for GitHub
1.13 proprietary optional
-
Operations Center Analytics Configuration
2.107.1.5 proprietary optional
-
2.190.0.2 proprietary installed by default
-
1.8 proprietary optional
-
CloudBees Pipeline Stage View Extensions
2.3 proprietary optional
-
2.190.0.1 proprietary optional
-
CloudBees Git Validated Merge Plugin
3.25 proprietary optional
-
CloudBees Restart Aborted Builds Plugin
1.12 proprietary optional
-
CloudBees View Creation Filter Plugin
1.5 proprietary optional
-
CloudBees Administrative Monitors Plugin
1.0.1 proprietary installed by default
-
3.38.14 proprietary optional
-
CloudBees Jenkins Enterprise License Entitlement Check
8.24 proprietary installed by default
-
Beekeeper Upgrade Assistant Plugin
2.138.0.10 proprietary installed by default
-
CloudBees VMWare Autoscaling Plugin
4.3.9 proprietary optional
-
Operations Center Client Plugin
2.190.0.3 proprietary installed by default
-
CloudBees SSH Build Agents Plugin
2.3 proprietary optional
-
1.5 proprietary optional
-
2.190.0.2 proprietary installed by default
-
1.18 proprietary optional
-
CloudBees Even Scheduler Plugin
3.9 proprietary optional
-
CloudBees Fast Archiving Plugin
5.9 proprietary optional
-
1.2 proprietary optional
Verified plugins
-
2.5.4 verified optional
-
1.21.5 verified optional
-
1.20 verified optional
-
1.7.24.2 verified installed by default
-
6.9 verified installed by default
-
1.66.3 verified installed by default
-
2.3.1 verified installed by default
-
1.20 verified optional
-
1.0.9.0 verified installed by default
-
1.30 verified optional
-
1.6 verified optional
-
1.18 verified optional
-
Secure Requester Whitelist Plugin
1.4 verified optional
-
1.28 verified installed by default
-
2.9.0 verified optional
-
1.5 verified optional
-
1.5 verified optional
-
2.10.0 verified installed by default
-
4.0.2.6 verified installed by default
-
1.31.0 verified optional
-
2.5.8 verified optional
-
1.20 verified installed by default
-
1.29 verified optional
-
1.3 verified installed by default
-
2.6.3 verified installed by default
-
1.29 verified installed by default
-
2.8 verified installed by default
-
1.6 verified optional
-
3.6.2 verified optional
-
1.3.0 verified optional
-
1.5 verified optional
-
1.1.3 verified optional
-
Authentication Tokens API Plugin
1.3 verified optional
-
1.8 verified optional
-
2.3.0 verified installed by default
-
1.10 verified optional
-
3.12.2 verified optional