Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-68527

Old Plugin Version (1.4.10) on Jenkins 2.332.3 LTS

XMLWordPrintable

    • Icon: Task Task
    • Resolution: Fixed
    • Icon: Minor Minor
    • rocket-chat-notifier-plugin
    • None
    • Docker
      Jenkins 2.332.3 (LTS)

      Hi,

      we are getting CVE Errors on our Jenkins 2.332.3 (LTS) which i think they are already fixed in Version 1.5.1.

      But unfortunately on Jenkins LTS the latest Version of the Plugin is 1.4.10.

      The CVE Errors we are getting are:

      SECURITY-2241 / CVE-2022-28138 (CSRF), CVE-2022-28139 (missing permission check)

      What's the reason that the Plugin on the LTS Version of Jenkins will not be updated?

          [JENKINS-68527] Old Plugin Version (1.4.10) on Jenkins 2.332.3 LTS

          Nicolo Mendola created issue -
          Martin Reinhardt made changes -
          Status Original: Open [ 1 ] New: In Progress [ 3 ]
          Martin Reinhardt made changes -
          Resolution New: Fixed [ 1 ]
          Status Original: In Progress [ 3 ] New: Resolved [ 5 ]

            mreinhardt Martin Reinhardt
            nmendola Nicolo Mendola
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: