Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-67357

log4j dependency has critical vulnerability CVE-2021-44228 in Micro Focus Application Automation Tools Plugin

    XMLWordPrintable

Details

    • 7.2

    Description

      See JENKINS-67353

      Update to 2.15 is not sufficient due to https://nvd.nist.gov/vuln/detail/CVE-2021-45046, it requires 2.16.
      This one is less important but will still be detected by scanners and alert all users.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-67932 Jenkins Plugin Micro Focus Application Automation tool - Need this plugin which uses org.apache.logging.log4j:log4j-core:2.17.1 or higher

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Activity

            People

              zhipengwa Zhipeng
              danielbeck Daniel Beck
              Votes:
              3 Vote for this issue
              Watchers:
              11 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: