Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-67590

publish-over-ssh plugin removed from update center

    XMLWordPrintable

Details

    • Publish Over SSH 1.24

    Description

      The plugin `publish-over-ssh` appears to be missing from the latest plugin repository (https://updates.jenkins.io/update-center.json) The same plugin was however available in the previous version.

      We use that plugin for close to all jobs and thus we are in desperate need for this plugin to be added to the repository again.

      Plugin removed from update center until security issues are resolved

      Jenkins Security Advisory 2022-01-12 describes the following vulnerabilities:

      • SECURITY-2287 - Stored XSS vulnerability (medium severity)
      • SECURITY-2290 - CSRF vulnerability and missing permission checks (medium severity)
      • SECURITY-2307 - Path traversal vulnerability (medium severity)
      • SECURITY-2291 - Password stored in plain text (low severity)

      Until someone adopts the plugin, fixes the issues, and releases a new version, it will remain unavailable.

      Users that accept the security vulnerabilities can still download the plugin from the Jenkins artifact repository and upload it to their Jenkins installation.

      Attachments

        Activity

          blueicarus Martijn created issue -
          markewaite Mark Waite made changes -
          Field Original Value New Value
          Summary publish-over-ssh plugin is missing in dynamic plugin repository (2.319) publish-over-ssh plugin is missing in update center
          markewaite Mark Waite made changes -
          Description The plugin `publish-over-ssh` appears to be missing from the latest plugin repository ([https://updates.jenkins.io/dynamic-2.319/latest/).] The same plugin was however available in the previous version.

          We use that plugin for close to all jobs and thus we are in desperate need for this plugin to be added to the repository again.
          The plugin `publish-over-ssh` appears to be missing from the latest plugin repository ([https://updates.jenkins.io/dynamic-2.319/latest/).] The same plugin was however available in the previous version.

          We use that plugin for close to all jobs and thus we are in desperate need for this plugin to be added to the repository again.

          h2. Plugin removed from update center until security issues are resolved

          markewaite Mark Waite made changes -
          Description The plugin `publish-over-ssh` appears to be missing from the latest plugin repository ([https://updates.jenkins.io/dynamic-2.319/latest/).] The same plugin was however available in the previous version.

          We use that plugin for close to all jobs and thus we are in desperate need for this plugin to be added to the repository again.

          h2. Plugin removed from update center until security issues are resolved

          The plugin `publish-over-ssh` appears to be missing from the latest plugin repository ([https://updates.jenkins.io/dynamic-2.319/latest/).] The same plugin was however available in the previous version.

          We use that plugin for close to all jobs and thus we are in desperate need for this plugin to be added to the repository again.

          h2. Plugin removed from update center until security issues are resolved

          Jenkins Security Advisory 2022-01-12 describes the following vulnerabilities:

          SECURITY-2287 - Stored XSS vulnerability (medium severity)
          SECURITY-2290 - CSRF vulnerability and missing permission checks (medium severity)
          SECURITY-2307 - Path traversal vulnerability (medium severity)
          SECURITY-2291 - Password stored in plain text (low severity)
          markewaite Mark Waite made changes -
          Description The plugin `publish-over-ssh` appears to be missing from the latest plugin repository ([https://updates.jenkins.io/dynamic-2.319/latest/).] The same plugin was however available in the previous version.

          We use that plugin for close to all jobs and thus we are in desperate need for this plugin to be added to the repository again.

          h2. Plugin removed from update center until security issues are resolved

          Jenkins Security Advisory 2022-01-12 describes the following vulnerabilities:

          SECURITY-2287 - Stored XSS vulnerability (medium severity)
          SECURITY-2290 - CSRF vulnerability and missing permission checks (medium severity)
          SECURITY-2307 - Path traversal vulnerability (medium severity)
          SECURITY-2291 - Password stored in plain text (low severity)
          The plugin `publish-over-ssh` appears to be missing from the latest plugin repository ([https://updates.jenkins.io/dynamic-2.319/latest/).] The same plugin was however available in the previous version.

          We use that plugin for close to all jobs and thus we are in desperate need for this plugin to be added to the repository again.

          h2. Plugin removed from update center until security issues are resolved

          [Jenkins Security Advisory 2022-01-12|https://www.jenkins.io/security/advisory/2022-01-12/] describes the following vulnerabilities:

          * [SECURITY-2287|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2287] - Stored XSS vulnerability (medium severity)
          * [SECURITY-2290|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2290] - CSRF vulnerability and missing permission checks (medium severity)
          * [SECURITY-2307|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2307] - Path traversal vulnerability (medium severity)
          * [SECURITY-2291|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2291] - Password stored in plain text (low severity)
          markewaite Mark Waite made changes -
          Summary publish-over-ssh plugin is missing in update center publish-over-ssh plugin has been removed from update center
          markewaite Mark Waite made changes -
          Summary publish-over-ssh plugin has been removed from update center publish-over-ssh plugin removed from update center
          markewaite Mark Waite made changes -
          Description The plugin `publish-over-ssh` appears to be missing from the latest plugin repository ([https://updates.jenkins.io/dynamic-2.319/latest/).] The same plugin was however available in the previous version.

          We use that plugin for close to all jobs and thus we are in desperate need for this plugin to be added to the repository again.

          h2. Plugin removed from update center until security issues are resolved

          [Jenkins Security Advisory 2022-01-12|https://www.jenkins.io/security/advisory/2022-01-12/] describes the following vulnerabilities:

          * [SECURITY-2287|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2287] - Stored XSS vulnerability (medium severity)
          * [SECURITY-2290|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2290] - CSRF vulnerability and missing permission checks (medium severity)
          * [SECURITY-2307|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2307] - Path traversal vulnerability (medium severity)
          * [SECURITY-2291|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2291] - Password stored in plain text (low severity)
          The plugin `publish-over-ssh` appears to be missing from the latest plugin repository ([https://updates.jenkins.io/dynamic-2.319/latest/).] The same plugin was however available in the previous version.

          We use that plugin for close to all jobs and thus we are in desperate need for this plugin to be added to the repository again.

          h2. Plugin removed from update center until security issues are resolved

          [Jenkins Security Advisory 2022-01-12|https://www.jenkins.io/security/advisory/2022-01-12/] describes the following vulnerabilities:

          * [SECURITY-2287|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2287] - Stored XSS vulnerability (medium severity)
          * [SECURITY-2290|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2290] - CSRF vulnerability and missing permission checks (medium severity)
          * [SECURITY-2307|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2307] - Path traversal vulnerability (medium severity)
          * [SECURITY-2291|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2291] - Password stored in plain text (low severity)

          Until someone adopts the plugin, fixes the issues, and releases a new version, it will remain unavailable.
          markewaite Mark Waite made changes -
          Description The plugin `publish-over-ssh` appears to be missing from the latest plugin repository ([https://updates.jenkins.io/dynamic-2.319/latest/).] The same plugin was however available in the previous version.

          We use that plugin for close to all jobs and thus we are in desperate need for this plugin to be added to the repository again.

          h2. Plugin removed from update center until security issues are resolved

          [Jenkins Security Advisory 2022-01-12|https://www.jenkins.io/security/advisory/2022-01-12/] describes the following vulnerabilities:

          * [SECURITY-2287|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2287] - Stored XSS vulnerability (medium severity)
          * [SECURITY-2290|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2290] - CSRF vulnerability and missing permission checks (medium severity)
          * [SECURITY-2307|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2307] - Path traversal vulnerability (medium severity)
          * [SECURITY-2291|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2291] - Password stored in plain text (low severity)

          Until someone adopts the plugin, fixes the issues, and releases a new version, it will remain unavailable.
          The plugin `publish-over-ssh` appears to be missing from the latest plugin repository ([https://updates.jenkins.io/dynamic-2.319/latest/).] The same plugin was however available in the previous version.

          We use that plugin for close to all jobs and thus we are in desperate need for this plugin to be added to the repository again.

          h2. Plugin removed from update center until security issues are resolved

          [Jenkins Security Advisory 2022-01-12|https://www.jenkins.io/security/advisory/2022-01-12/] describes the following vulnerabilities:

          * [SECURITY-2287|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2287] - Stored XSS vulnerability (medium severity)
          * [SECURITY-2290|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2290] - CSRF vulnerability and missing permission checks (medium severity)
          * [SECURITY-2307|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2307] - Path traversal vulnerability (medium severity)
          * [SECURITY-2291|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2291] - Password stored in plain text (low severity)

          Until someone adopts the plugin, fixes the issues, and releases a new version, it will remain unavailable.

          Users that accept the security vulnerabilities can still download the plugin from the [Jenkins artifact repository|https://repo.jenkins-ci.org/artifactory/releases/org/jenkins-ci/plugins/publish-over-ssh/1.22/publish-over-ssh-1.22.hpi] and upload it to their Jenkins installation.
          jenkins_cert_bot Jenkins CERT Bot made changes -
          Labels jcabot:001
          jenkins_cert_bot Jenkins CERT Bot made changes -
          Labels jcabot:001 jcabot:001 jcabot:002
          markewaite Mark Waite made changes -
          Labels jcabot:001 jcabot:002
          markewaite Mark Waite made changes -
          Description The plugin `publish-over-ssh` appears to be missing from the latest plugin repository ([https://updates.jenkins.io/dynamic-2.319/latest/).] The same plugin was however available in the previous version.

          We use that plugin for close to all jobs and thus we are in desperate need for this plugin to be added to the repository again.

          h2. Plugin removed from update center until security issues are resolved

          [Jenkins Security Advisory 2022-01-12|https://www.jenkins.io/security/advisory/2022-01-12/] describes the following vulnerabilities:

          * [SECURITY-2287|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2287] - Stored XSS vulnerability (medium severity)
          * [SECURITY-2290|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2290] - CSRF vulnerability and missing permission checks (medium severity)
          * [SECURITY-2307|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2307] - Path traversal vulnerability (medium severity)
          * [SECURITY-2291|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2291] - Password stored in plain text (low severity)

          Until someone adopts the plugin, fixes the issues, and releases a new version, it will remain unavailable.

          Users that accept the security vulnerabilities can still download the plugin from the [Jenkins artifact repository|https://repo.jenkins-ci.org/artifactory/releases/org/jenkins-ci/plugins/publish-over-ssh/1.22/publish-over-ssh-1.22.hpi] and upload it to their Jenkins installation.
          The plugin `publish-over-ssh` appears to be missing from the latest plugin repository (https://updates.jenkins.io/update-center.json) The same plugin was however available in the previous version.

          We use that plugin for close to all jobs and thus we are in desperate need for this plugin to be added to the repository again.

          h2. Plugin removed from update center until security issues are resolved

          [Jenkins Security Advisory 2022-01-12|https://www.jenkins.io/security/advisory/2022-01-12/] describes the following vulnerabilities:

          * [SECURITY-2287|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2287] - Stored XSS vulnerability (medium severity)
          * [SECURITY-2290|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2290] - CSRF vulnerability and missing permission checks (medium severity)
          * [SECURITY-2307|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2307] - Path traversal vulnerability (medium severity)
          * [SECURITY-2291|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2291] - Password stored in plain text (low severity)

          Until someone adopts the plugin, fixes the issues, and releases a new version, it will remain unavailable.

          Users that accept the security vulnerabilities can still download the plugin from the [Jenkins artifact repository|https://repo.jenkins-ci.org/artifactory/releases/org/jenkins-ci/plugins/publish-over-ssh/1.22/publish-over-ssh-1.22.hpi] and upload it to their Jenkins installation.
          jenkins_cert_bot Jenkins CERT Bot made changes -
          Labels jcabot:001 jcabot:002
          asimerel Asım Erel made changes -
          Status Open [ 1 ] In Progress [ 3 ]
          asimerel Asım Erel made changes -
          Status In Progress [ 3 ] Open [ 1 ]
          kon Kalle Niemitalo made changes -
          Released As Publish Over SSH 1.24
          Resolution Fixed [ 1 ]
          Status Open [ 1 ] Resolved [ 5 ]
          kon Kalle Niemitalo made changes -
          Remote Link This issue links to "Unsuspend publish-over-ssh since 1.24 · Pull Request #572 · jenkins-infra/update-center2 (Web Link)" [ 27420 ]

          People

            Unassigned Unassigned
            blueicarus Martijn
            Votes:
            4 Vote for this issue
            Watchers:
            9 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: