[JENKINS-67358] log4j dependency has critical vulnerability CVE-2021-44228 in lambdatest-automation plugin

Type: Bug
Resolution: Fixed
Priority: Critical
Component/s: lambdatest-automation-plugin
Labels:

Similar Issues:
Powered by SuggestiMate

Show
Epic Link:
log4j CVE-2021-44228 and CVE-2021-45046
Released As:
1.20.0

Update to 2.15 is not sufficient due to https://nvd.nist.gov/vuln/detail/CVE-2021-45046, it requires 2.16.
This one is less important but will still be detected by scanners and alert all users.

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

Screenshot_2021-12-17_092159_001.png
36 kB
2021-12-17 08:22

Daniel Beck created issue - 2021-12-11 09:31

Daniel Beck made changes - 2021-12-11 21:51

Priority

Original: Minor [ 4 ]

New: Critical [ 2 ]

Wadeck Follonier made changes - 2021-12-15 08:43

Description

Original: See JENKINS-67353

New: See JENKINS-67353

(!) Update to 2.15 is not sufficient due to https://nvd.nist.gov/vuln/detail/CVE-2021-45046, it requires 2.16.
This one is less important but will still be detected by scanners and alert all users.

Wadeck Follonier made changes - 2021-12-15 08:51

Labels

Original: CVE-2021-44228 security

New: CVE-2021-44228 CVE-2021-45046 security

Wadeck Follonier made changes - 2021-12-17 08:22

Released As		New: 1.20.0
Resolution		New: Fixed [ 1 ]
Status	Original: Open [ 1 ]	New: Closed [ 6 ]

Wadeck Follonier made changes - 2021-12-17 08:22

Attachment

New: Screenshot_2021-12-17_092159_001.png [ 56959 ]

Jenkins CERT Bot made changes - 2022-01-30 16:02

Labels

Original: CVE-2021-44228 CVE-2021-45046 security

New: CVE-2021-44228 CVE-2021-45046 jcabot:001 jcabot:002 security

Assignee:: LambdaTest Automation

Reporter:: Daniel Beck

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2021-12-11 09:31

Updated:: 2022-01-30 16:02

Resolved:: 2021-12-17 08:22

Jenkins

Details

Description

Attachments

Attachments

Activity

People

Dates