Security advisory
Security advisory
-
CloudBees Security Advisory 2020-03-25
This advisory announces vulnerabilities in Jenkins, CloudBees Jenkins Distribution, CloudBees Jenkins Platform and CloudBees Core.
Plugin modifications
-
Jenkins LTS
Upgraded Jenkins LTS from
2.164.33-cb-1
to2.164.34-cb-1
-
Upgraded CloudBees License Manager from
9.33
to9.35
-
Upgraded Credentials Plugin from
2.2.0
to2.3.0
-
Upgraded Durable Task Plugin from
1.29
to1.30
-
Upgraded Matrix Authorization Strategy Plugin from
2.3
to2.4.2
-
Upgraded CloudBees Role-Based Access Control Plugin from
5.27
to5.27.1
-
Upgraded Operations Center Cluster Operations Plugin from
2.150.2.5
to2.150.2.7
-
Upgraded Operations Center Elasticsearch Provider Plugin from
2.150.2.4
to2.150.2.5
-
Upgraded Operations Center Server Plugin from
2.150.2.9
to2.150.2.11
-
Upgraded Operations Center Single Sign-On Plugin from
2.150.2.4
to2.150.2.6
-
Upgraded Plain Credentials Plugin from
1.4
to1.5
-
Upgraded Script Security Plugin from
1.57.4
to1.57.6
-
Upgraded Structs Plugin from
1.17
to1.19
Compatible plugins
-
Matrix Authorization Strategy Plugin
2.4.2 compatible optional
-
Stack Trace Suppression Plugin
1.5 compatible optional
-
2.33 compatible installed by default
-
1.42.2 compatible optional
-
2.17 compatible installed by default
-
1.14 compatible optional
-
2.1.3 compatible optional
-
1.17 compatible optional
-
Jenkins Active Directory plugin
2.13 compatible optional
-
Jenkins JSch dependency plugin
0.1.55 compatible optional
-
3.4 compatible optional
-
1.4.1 compatible optional
-
2.3.0.1 compatible installed by default
-
1.1 compatible installed by default
-
2.56.1 compatible installed by default
-
2.19 compatible installed by default
-
Jenkins Apache HttpComponents Client 4.x API Plugin
4.5.5-3.0 compatible installed by default
-
2.66 compatible optional
-
CloudBees AWS Credentials Plugin
1.24 compatible optional
-
1.30 compatible optional
-
1.2 compatible installed by default
-
1.11.457 compatible optional
-
1.5.0 compatible installed by default
Proprietary plugins
-
Operations Center Notification
1.0 proprietary optional
-
1.1 proprietary optional
-
CloudBees VMWare Autoscaling Plugin
4.3.8 proprietary optional
-
2.8 proprietary installed by default
-
3.9 proprietary installed by default
-
1.17 proprietary optional
-
CloudBees Restart Aborted Builds Plugin
1.12 proprietary optional
-
3.38.10 proprietary optional
-
Operations Center Analytics Viewer
2.107.1.5 proprietary optional
-
9.35 proprietary installed by default
-
Operations Center Server Role Based Access Control
2.150.2.4 proprietary optional
-
Operations Center Elasticsearch Provider
2.150.2.5 proprietary optional
-
Operations Center Embedded elasticsearch
2.73.0.1 proprietary optional
-
Operations Center Analytics Reporter
2.107.1.5 proprietary optional
-
Operations Center Monitoring Plugin
2.150.2.4 proprietary optional
-
Operations Center Server EC2 Cloud
2.150.2.4 proprietary optional
-
Operations Center Server Cluster Operations
2.150.2.7 proprietary optional
-
Operations Center Analytics Feeder
2.107.1.5 proprietary optional
-
2.150.2.8 proprietary installed by default
-
1.5 proprietary optional
-
CloudBees SSH Build Agents Plugin
2.3 proprietary optional
-
2.107.1.5 proprietary optional
-
1.10 proprietary optional
-
CloudBees Jenkins Enterprise License Entitlement Check
8.18 proprietary installed by default
-
Operations Center JNLP Agent Controller Plugin
2.150.2.4 proprietary optional
-
CloudBees Update Center Data API
4.42 proprietary installed by default
-
CloudBees WikiText Security Plugin
3.9 proprietary optional
-
Beekeeper Upgrade Assistant Plugin
2.138.0.5 proprietary installed by default
-
2.150.2.4 proprietary installed by default
-
Operations Center Analytics Kibana Dashboards
2.107.1.5 proprietary optional
-
Operations Center Update Center Plugin
2.150.2.4 proprietary optional
-
CloudBees Update Center Plugin
4.45 proprietary optional
-
3.22 proprietary installed by default
-
Operations Center Server License Entitlement Check
2.150.2.4 proprietary installed by default
-
CloudBees Role-Based Access Control Plugin
5.27.1 proprietary optional
-
CloudBees Skip Next Build Plugin
4.2 proprietary optional
-
Operations Center Analytics Configuration
2.107.1.5 proprietary optional
-
[CloudBees High Availability Management plugin]
4.20 proprietary installed by default
-
CloudBees Jenkins Advisor Plugin
2.8.1 proprietary optional
-
1.2 proprietary optional
-
Operations Center Server Plugin
2.150.2.11 proprietary installed by default
-
Operations Center Single Sign-On Plugin
2.150.2.6 proprietary optional
Verified plugins
-
1.7.24.2 verified installed by default
-
4.0.2.3 verified installed by default
-
1.26 verified optional
-
2.3.1 verified installed by default
-
1.20 verified optional
-
1.0.9.0 verified installed by default
-
2.9.8 verified installed by default
-
1.23 verified installed by default
-
1.5 verified optional
-
1.57.6 verified installed by default
-
3.5 verified optional
-
1.19 verified installed by default
-
1.5 verified optional
-
1.1.2 verified optional
-
1.26.1 verified installed by default
-
1.17 verified optional
-
2.8 verified installed by default
-
Secure Requester Whitelist Plugin
1.2 verified optional
-
1.2 verified installed by default
-
1.5 verified optional
-
2.4.1 verified installed by default
-
Authentication Tokens API Plugin
1.3 verified optional
-
1.18 verified optional
-
6.7 verified installed by default
-
2.3.0 verified installed by default