• Type: Bug
• Resolution: Unresolved
• Priority: Critical
• Component/s: pipeline-huaweicloud-plugin
• Labels:

  • CVE-2021-44228
  • CVE-2021-45046
  • jcabot:001
  • jcabot:002
  • security

[JENKINS-67359] log4j dependency has critical vulnerability CVE-2021-44228 in Pipeline: HuaweiCloud Steps Plugin

Daniel Beck created issue - 2021-12-11 09:32

Daniel Beck made changes - 2021-12-11 21:51

Priority

Original: Minor [ 4 ]

New: Critical [ 2 ]

Wadeck Follonier made changes - 2021-12-15 08:45

Description

Original: See JENKINS-67353

New: See JENKINS-67353 (!) Update to 2.15 is not sufficient due to https://nvd.nist.gov/vuln/detail/CVE-2021-45046, it requires 2.16. This one is less important but will still be detected by scanners and alert all users.

Wadeck Follonier made changes - 2021-12-15 08:51

Labels

Original: CVE-2021-44228 security

New: CVE-2021-44228 CVE-2021-45046 security

Wadeck Follonier made changes - 2021-12-20 09:23

Description

Original: See JENKINS-67353 (!) Update to 2.15 is not sufficient due to https://nvd.nist.gov/vuln/detail/CVE-2021-45046, it requires 2.16. This one is less important but will still be detected by scanners and alert all users.

New: See JENKINS-67353 https://github.com/jenkinsci/pipeline-huaweicloud-plugin (!) Update to 2.15 is not sufficient due to https://nvd.nist.gov/vuln/detail/CVE-2021-45046, it requires 2.16. This one is less important but will still be detected by scanners and alert all users.

Jenkins CERT Bot made changes - 2022-01-30 16:02

Labels

Original: CVE-2021-44228 CVE-2021-45046 security

New: CVE-2021-44228 CVE-2021-45046 jcabot:001 jcabot:002 security