[JENKINS-67590] publish-over-ssh plugin removed from update center

Martijn created issue - 2022-01-14 10:15

Mark Waite made changes - 2022-01-20 14:24

Summary

Original: publish-over-ssh plugin is missing in dynamic plugin repository (2.319)

New: publish-over-ssh plugin is missing in update center

Mark Waite made changes - 2022-01-20 14:25

Description

Original: The plugin `publish-over-ssh` appears to be missing from the latest plugin repository ([https://updates.jenkins.io/dynamic-2.319/latest/).] The same plugin was however available in the previous version.

We use that plugin for close to all jobs and thus we are in desperate need for this plugin to be added to the repository again.

New: The plugin `publish-over-ssh` appears to be missing from the latest plugin repository ([https://updates.jenkins.io/dynamic-2.319/latest/).] The same plugin was however available in the previous version.

We use that plugin for close to all jobs and thus we are in desperate need for this plugin to be added to the repository again.

h2. Plugin removed from update center until security issues are resolved

Mark Waite made changes - 2022-01-20 14:26

Description

Original: The plugin `publish-over-ssh` appears to be missing from the latest plugin repository ([https://updates.jenkins.io/dynamic-2.319/latest/).] The same plugin was however available in the previous version.

We use that plugin for close to all jobs and thus we are in desperate need for this plugin to be added to the repository again.

h2. Plugin removed from update center until security issues are resolved

New: The plugin `publish-over-ssh` appears to be missing from the latest plugin repository ([https://updates.jenkins.io/dynamic-2.319/latest/).] The same plugin was however available in the previous version.

We use that plugin for close to all jobs and thus we are in desperate need for this plugin to be added to the repository again.

h2. Plugin removed from update center until security issues are resolved

Jenkins Security Advisory 2022-01-12 describes the following vulnerabilities:

SECURITY-2287 - Stored XSS vulnerability (medium severity)
SECURITY-2290 - CSRF vulnerability and missing permission checks (medium severity)
SECURITY-2307 - Path traversal vulnerability (medium severity)
SECURITY-2291 - Password stored in plain text (low severity)

Mark Waite made changes - 2022-01-20 14:26

Description

Original: The plugin `publish-over-ssh` appears to be missing from the latest plugin repository ([https://updates.jenkins.io/dynamic-2.319/latest/).] The same plugin was however available in the previous version.

We use that plugin for close to all jobs and thus we are in desperate need for this plugin to be added to the repository again.

h2. Plugin removed from update center until security issues are resolved

Jenkins Security Advisory 2022-01-12 describes the following vulnerabilities:

SECURITY-2287 - Stored XSS vulnerability (medium severity)
SECURITY-2290 - CSRF vulnerability and missing permission checks (medium severity)
SECURITY-2307 - Path traversal vulnerability (medium severity)
SECURITY-2291 - Password stored in plain text (low severity)

New: The plugin `publish-over-ssh` appears to be missing from the latest plugin repository ([https://updates.jenkins.io/dynamic-2.319/latest/).] The same plugin was however available in the previous version.

We use that plugin for close to all jobs and thus we are in desperate need for this plugin to be added to the repository again.

h2. Plugin removed from update center until security issues are resolved

[Jenkins Security Advisory 2022-01-12|https://www.jenkins.io/security/advisory/2022-01-12/] describes the following vulnerabilities:

* [SECURITY-2287|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2287] - Stored XSS vulnerability (medium severity)
* [SECURITY-2290|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2290] - CSRF vulnerability and missing permission checks (medium severity)
* [SECURITY-2307|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2307] - Path traversal vulnerability (medium severity)
* [SECURITY-2291|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2291] - Password stored in plain text (low severity)

Mark Waite made changes - 2022-01-20 14:26

Summary

Original: publish-over-ssh plugin is missing in update center

New: publish-over-ssh plugin has been removed from update center

Mark Waite made changes - 2022-01-20 14:26

Summary

Original: publish-over-ssh plugin has been removed from update center

New: publish-over-ssh plugin removed from update center

Mark Waite made changes - 2022-01-20 14:27

Description

Original: The plugin `publish-over-ssh` appears to be missing from the latest plugin repository ([https://updates.jenkins.io/dynamic-2.319/latest/).] The same plugin was however available in the previous version.

We use that plugin for close to all jobs and thus we are in desperate need for this plugin to be added to the repository again.

h2. Plugin removed from update center until security issues are resolved

[Jenkins Security Advisory 2022-01-12|https://www.jenkins.io/security/advisory/2022-01-12/] describes the following vulnerabilities:

* [SECURITY-2287|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2287] - Stored XSS vulnerability (medium severity)
* [SECURITY-2290|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2290] - CSRF vulnerability and missing permission checks (medium severity)
* [SECURITY-2307|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2307] - Path traversal vulnerability (medium severity)
* [SECURITY-2291|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2291] - Password stored in plain text (low severity)

New: The plugin `publish-over-ssh` appears to be missing from the latest plugin repository ([https://updates.jenkins.io/dynamic-2.319/latest/).] The same plugin was however available in the previous version.

We use that plugin for close to all jobs and thus we are in desperate need for this plugin to be added to the repository again.

h2. Plugin removed from update center until security issues are resolved

[Jenkins Security Advisory 2022-01-12|https://www.jenkins.io/security/advisory/2022-01-12/] describes the following vulnerabilities:

* [SECURITY-2287|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2287] - Stored XSS vulnerability (medium severity)
* [SECURITY-2290|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2290] - CSRF vulnerability and missing permission checks (medium severity)
* [SECURITY-2307|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2307] - Path traversal vulnerability (medium severity)
* [SECURITY-2291|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2291] - Password stored in plain text (low severity)

Until someone adopts the plugin, fixes the issues, and releases a new version, it will remain unavailable.

Mark Waite made changes - 2022-01-20 14:29

Description

Original: The plugin `publish-over-ssh` appears to be missing from the latest plugin repository ([https://updates.jenkins.io/dynamic-2.319/latest/).] The same plugin was however available in the previous version.

We use that plugin for close to all jobs and thus we are in desperate need for this plugin to be added to the repository again.

h2. Plugin removed from update center until security issues are resolved

[Jenkins Security Advisory 2022-01-12|https://www.jenkins.io/security/advisory/2022-01-12/] describes the following vulnerabilities:

* [SECURITY-2287|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2287] - Stored XSS vulnerability (medium severity)
* [SECURITY-2290|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2290] - CSRF vulnerability and missing permission checks (medium severity)
* [SECURITY-2307|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2307] - Path traversal vulnerability (medium severity)
* [SECURITY-2291|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2291] - Password stored in plain text (low severity)

Until someone adopts the plugin, fixes the issues, and releases a new version, it will remain unavailable.

New: The plugin `publish-over-ssh` appears to be missing from the latest plugin repository ([https://updates.jenkins.io/dynamic-2.319/latest/).] The same plugin was however available in the previous version.

We use that plugin for close to all jobs and thus we are in desperate need for this plugin to be added to the repository again.

h2. Plugin removed from update center until security issues are resolved

[Jenkins Security Advisory 2022-01-12|https://www.jenkins.io/security/advisory/2022-01-12/] describes the following vulnerabilities:

* [SECURITY-2287|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2287] - Stored XSS vulnerability (medium severity)
* [SECURITY-2290|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2290] - CSRF vulnerability and missing permission checks (medium severity)
* [SECURITY-2307|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2307] - Path traversal vulnerability (medium severity)
* [SECURITY-2291|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2291] - Password stored in plain text (low severity)

Until someone adopts the plugin, fixes the issues, and releases a new version, it will remain unavailable.

Users that accept the security vulnerabilities can still download the plugin from the [Jenkins artifact repository|https://repo.jenkins-ci.org/artifactory/releases/org/jenkins-ci/plugins/publish-over-ssh/1.22/publish-over-ssh-1.22.hpi] and upload it to their Jenkins installation.

Jenkins CERT Bot made changes - 2022-01-29 21:45

Labels

New: jcabot:001

Jenkins CERT Bot made changes - 2022-01-29 22:03

Labels

Original: jcabot:001

New: jcabot:001 jcabot:002

Jenkins

Details

Description

Plugin removed from update center until security issues are resolved

Attachments

Issue Links

Activity

People

Dates