Details
-
Bug
-
Status: Resolved (View Workflow)
-
Minor
-
Resolution: Fixed
-
Jenkins version: 2.319.2
Jenkins plugin: publish-over-ssh
-
-
Publish Over SSH 1.24
Description
The plugin `publish-over-ssh` appears to be missing from the latest plugin repository (https://updates.jenkins.io/update-center.json) The same plugin was however available in the previous version.
We use that plugin for close to all jobs and thus we are in desperate need for this plugin to be added to the repository again.
Plugin removed from update center until security issues are resolved
Jenkins Security Advisory 2022-01-12 describes the following vulnerabilities:
- SECURITY-2287 - Stored XSS vulnerability (medium severity)
- SECURITY-2290 - CSRF vulnerability and missing permission checks (medium severity)
- SECURITY-2307 - Path traversal vulnerability (medium severity)
- SECURITY-2291 - Password stored in plain text (low severity)
Until someone adopts the plugin, fixes the issues, and releases a new version, it will remain unavailable.
Users that accept the security vulnerabilities can still download the plugin from the Jenkins artifact repository and upload it to their Jenkins installation.
Attachments
Issue Links
Activity
Martijn
created issue -
| Field | Original Value | New Value |
|---|---|---|
| Summary | publish-over-ssh plugin is missing in dynamic plugin repository (2.319) | publish-over-ssh plugin is missing in update center |
| Description |
The plugin `publish-over-ssh` appears to be missing from the latest plugin repository ([https://updates.jenkins.io/dynamic-2.319/latest/).] The same plugin was however available in the previous version.
We use that plugin for close to all jobs and thus we are in desperate need for this plugin to be added to the repository again. |
The plugin `publish-over-ssh` appears to be missing from the latest plugin repository ([https://updates.jenkins.io/dynamic-2.319/latest/).] The same plugin was however available in the previous version.
We use that plugin for close to all jobs and thus we are in desperate need for this plugin to be added to the repository again. h2. Plugin removed from update center until security issues are resolved |
| Description |
The plugin `publish-over-ssh` appears to be missing from the latest plugin repository ([https://updates.jenkins.io/dynamic-2.319/latest/).] The same plugin was however available in the previous version.
We use that plugin for close to all jobs and thus we are in desperate need for this plugin to be added to the repository again. h2. Plugin removed from update center until security issues are resolved |
The plugin `publish-over-ssh` appears to be missing from the latest plugin repository ([https://updates.jenkins.io/dynamic-2.319/latest/).] The same plugin was however available in the previous version.
We use that plugin for close to all jobs and thus we are in desperate need for this plugin to be added to the repository again. h2. Plugin removed from update center until security issues are resolved Jenkins Security Advisory 2022-01-12 describes the following vulnerabilities: SECURITY-2287 - Stored XSS vulnerability (medium severity) SECURITY-2290 - CSRF vulnerability and missing permission checks (medium severity) SECURITY-2307 - Path traversal vulnerability (medium severity) SECURITY-2291 - Password stored in plain text (low severity) |
| Description |
The plugin `publish-over-ssh` appears to be missing from the latest plugin repository ([https://updates.jenkins.io/dynamic-2.319/latest/).] The same plugin was however available in the previous version.
We use that plugin for close to all jobs and thus we are in desperate need for this plugin to be added to the repository again. h2. Plugin removed from update center until security issues are resolved Jenkins Security Advisory 2022-01-12 describes the following vulnerabilities: SECURITY-2287 - Stored XSS vulnerability (medium severity) SECURITY-2290 - CSRF vulnerability and missing permission checks (medium severity) SECURITY-2307 - Path traversal vulnerability (medium severity) SECURITY-2291 - Password stored in plain text (low severity) |
The plugin `publish-over-ssh` appears to be missing from the latest plugin repository ([https://updates.jenkins.io/dynamic-2.319/latest/).] The same plugin was however available in the previous version.
We use that plugin for close to all jobs and thus we are in desperate need for this plugin to be added to the repository again. h2. Plugin removed from update center until security issues are resolved [Jenkins Security Advisory 2022-01-12|https://www.jenkins.io/security/advisory/2022-01-12/] describes the following vulnerabilities: * [SECURITY-2287|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2287] - Stored XSS vulnerability (medium severity) * [SECURITY-2290|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2290] - CSRF vulnerability and missing permission checks (medium severity) * [SECURITY-2307|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2307] - Path traversal vulnerability (medium severity) * [SECURITY-2291|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2291] - Password stored in plain text (low severity) |
| Summary | publish-over-ssh plugin is missing in update center | publish-over-ssh plugin has been removed from update center |
| Summary | publish-over-ssh plugin has been removed from update center | publish-over-ssh plugin removed from update center |
| Description |
The plugin `publish-over-ssh` appears to be missing from the latest plugin repository ([https://updates.jenkins.io/dynamic-2.319/latest/).] The same plugin was however available in the previous version.
We use that plugin for close to all jobs and thus we are in desperate need for this plugin to be added to the repository again. h2. Plugin removed from update center until security issues are resolved [Jenkins Security Advisory 2022-01-12|https://www.jenkins.io/security/advisory/2022-01-12/] describes the following vulnerabilities: * [SECURITY-2287|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2287] - Stored XSS vulnerability (medium severity) * [SECURITY-2290|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2290] - CSRF vulnerability and missing permission checks (medium severity) * [SECURITY-2307|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2307] - Path traversal vulnerability (medium severity) * [SECURITY-2291|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2291] - Password stored in plain text (low severity) |
The plugin `publish-over-ssh` appears to be missing from the latest plugin repository ([https://updates.jenkins.io/dynamic-2.319/latest/).] The same plugin was however available in the previous version.
We use that plugin for close to all jobs and thus we are in desperate need for this plugin to be added to the repository again. h2. Plugin removed from update center until security issues are resolved [Jenkins Security Advisory 2022-01-12|https://www.jenkins.io/security/advisory/2022-01-12/] describes the following vulnerabilities: * [SECURITY-2287|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2287] - Stored XSS vulnerability (medium severity) * [SECURITY-2290|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2290] - CSRF vulnerability and missing permission checks (medium severity) * [SECURITY-2307|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2307] - Path traversal vulnerability (medium severity) * [SECURITY-2291|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2291] - Password stored in plain text (low severity) Until someone adopts the plugin, fixes the issues, and releases a new version, it will remain unavailable. |
| Description |
The plugin `publish-over-ssh` appears to be missing from the latest plugin repository ([https://updates.jenkins.io/dynamic-2.319/latest/).] The same plugin was however available in the previous version.
We use that plugin for close to all jobs and thus we are in desperate need for this plugin to be added to the repository again. h2. Plugin removed from update center until security issues are resolved [Jenkins Security Advisory 2022-01-12|https://www.jenkins.io/security/advisory/2022-01-12/] describes the following vulnerabilities: * [SECURITY-2287|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2287] - Stored XSS vulnerability (medium severity) * [SECURITY-2290|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2290] - CSRF vulnerability and missing permission checks (medium severity) * [SECURITY-2307|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2307] - Path traversal vulnerability (medium severity) * [SECURITY-2291|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2291] - Password stored in plain text (low severity) Until someone adopts the plugin, fixes the issues, and releases a new version, it will remain unavailable. |
The plugin `publish-over-ssh` appears to be missing from the latest plugin repository ([https://updates.jenkins.io/dynamic-2.319/latest/).] The same plugin was however available in the previous version.
We use that plugin for close to all jobs and thus we are in desperate need for this plugin to be added to the repository again. h2. Plugin removed from update center until security issues are resolved [Jenkins Security Advisory 2022-01-12|https://www.jenkins.io/security/advisory/2022-01-12/] describes the following vulnerabilities: * [SECURITY-2287|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2287] - Stored XSS vulnerability (medium severity) * [SECURITY-2290|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2290] - CSRF vulnerability and missing permission checks (medium severity) * [SECURITY-2307|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2307] - Path traversal vulnerability (medium severity) * [SECURITY-2291|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2291] - Password stored in plain text (low severity) Until someone adopts the plugin, fixes the issues, and releases a new version, it will remain unavailable. Users that accept the security vulnerabilities can still download the plugin from the [Jenkins artifact repository|https://repo.jenkins-ci.org/artifactory/releases/org/jenkins-ci/plugins/publish-over-ssh/1.22/publish-over-ssh-1.22.hpi] and upload it to their Jenkins installation. |
| Labels | jcabot:001 |
| Labels | jcabot:001 | jcabot:001 jcabot:002 |
| Labels | jcabot:001 jcabot:002 |
| Description |
The plugin `publish-over-ssh` appears to be missing from the latest plugin repository ([https://updates.jenkins.io/dynamic-2.319/latest/).] The same plugin was however available in the previous version.
We use that plugin for close to all jobs and thus we are in desperate need for this plugin to be added to the repository again. h2. Plugin removed from update center until security issues are resolved [Jenkins Security Advisory 2022-01-12|https://www.jenkins.io/security/advisory/2022-01-12/] describes the following vulnerabilities: * [SECURITY-2287|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2287] - Stored XSS vulnerability (medium severity) * [SECURITY-2290|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2290] - CSRF vulnerability and missing permission checks (medium severity) * [SECURITY-2307|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2307] - Path traversal vulnerability (medium severity) * [SECURITY-2291|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2291] - Password stored in plain text (low severity) Until someone adopts the plugin, fixes the issues, and releases a new version, it will remain unavailable. Users that accept the security vulnerabilities can still download the plugin from the [Jenkins artifact repository|https://repo.jenkins-ci.org/artifactory/releases/org/jenkins-ci/plugins/publish-over-ssh/1.22/publish-over-ssh-1.22.hpi] and upload it to their Jenkins installation. |
The plugin `publish-over-ssh` appears to be missing from the latest plugin repository (https://updates.jenkins.io/update-center.json) The same plugin was however available in the previous version.
We use that plugin for close to all jobs and thus we are in desperate need for this plugin to be added to the repository again. h2. Plugin removed from update center until security issues are resolved [Jenkins Security Advisory 2022-01-12|https://www.jenkins.io/security/advisory/2022-01-12/] describes the following vulnerabilities: * [SECURITY-2287|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2287] - Stored XSS vulnerability (medium severity) * [SECURITY-2290|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2290] - CSRF vulnerability and missing permission checks (medium severity) * [SECURITY-2307|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2307] - Path traversal vulnerability (medium severity) * [SECURITY-2291|https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2291] - Password stored in plain text (low severity) Until someone adopts the plugin, fixes the issues, and releases a new version, it will remain unavailable. Users that accept the security vulnerabilities can still download the plugin from the [Jenkins artifact repository|https://repo.jenkins-ci.org/artifactory/releases/org/jenkins-ci/plugins/publish-over-ssh/1.22/publish-over-ssh-1.22.hpi] and upload it to their Jenkins installation. |
| Labels | jcabot:001 jcabot:002 |
Asım Erel
made changes -
| Status | Open [ 1 ] | In Progress [ 3 ] |
Asım Erel
made changes -
| Status | In Progress [ 3 ] | Open [ 1 ] |
Kalle Niemitalo
made changes -
| Released As | Publish Over SSH 1.24 | |
| Resolution | Fixed [ 1 ] | |
| Status | Open [ 1 ] | Resolved [ 5 ] |
Kalle Niemitalo
made changes -
| Remote Link | This issue links to "Unsuspend publish-over-ssh since 1.24 · Pull Request #572 · jenkins-infra/update-center2 (Web Link)" [ 27420 ] |