• Type: Bug
• Resolution: Fixed
• Priority: Critical
• Component/s: testdroid-run-in-cloud-plugin
• Labels:

  • CVE-2021-44228
  • CVE-2021-45046
  • jcabot:001
  • jcabot:002
  • security

[JENKINS-67361] log4j dependency has critical vulnerability CVE-2021-44228 in Bitbar Run-in-Cloud Plugin

Daniel Beck created issue - 2021-12-11 09:33

Daniel Beck made changes - 2021-12-11 21:51

Priority

Original: Minor [ 4 ]

New: Critical [ 2 ]

Wadeck Follonier made changes - 2021-12-15 08:46

Description

Original: See JENKINS-67353

New: See JENKINS-67353 (!) Update to 2.15 is not sufficient due to https://nvd.nist.gov/vuln/detail/CVE-2021-45046, it requires 2.16. This one is less important but will still be detected by scanners and alert all users.

Wadeck Follonier made changes - 2021-12-15 08:51

Labels

Original: CVE-2021-44228 security

New: CVE-2021-44228 CVE-2021-45046 security

Wadeck Follonier made changes - 2021-12-20 09:24

Description

Original: See JENKINS-67353 (!) Update to 2.15 is not sufficient due to https://nvd.nist.gov/vuln/detail/CVE-2021-45046, it requires 2.16. This one is less important but will still be detected by scanners and alert all users.

New: See JENKINS-67353 https://github.com/jenkinsci/testdroid-run-in-cloud-plugin (!) Update to 2.15 is not sufficient due to https://nvd.nist.gov/vuln/detail/CVE-2021-45046, it requires 2.16. This one is less important but will still be detected by scanners and alert all users.

Jenkins CERT Bot made changes - 2022-01-30 14:31

Labels

Original: CVE-2021-44228 CVE-2021-45046 security

New: CVE-2021-44228 CVE-2021-45046 jcabot:001 jcabot:002 security

Mark Waite made changes - 2023-08-20 10:56

Released As		New: 3.22.4 https://plugins.jenkins.io/testdroid-run-in-cloud/releases/
Resolution		New: Fixed [ 1 ]
Status	Original: Open [ 1 ]	New: Closed [ 6 ]