Winstone 5.25 affected by CVE-2022-2047 ; 2048

This issue is archived. You can view it, but you can't modify it. Learn more

XMLWordPrintable

      The latest bump of Winstone was to version 5.25 , which uses Jetty 9.4.46.v20220331 as detailed in the Jenkins changelog for the 2.348 .

      This version of Jetty is currently affected by two CVEs.

      https://nvd.nist.gov/vuln/detail/CVE-2022-2048 - High
      https://nvd.nist.gov/vuln/detail/CVE-2022-2047 - Low

      Since Release 5.27 · jenkinsci/winstone (github.com) that Jetty was bumped to 9.4.48.v20220622 which is no longer affected by the two mentioned CVEs.

            Assignee:
            Unassigned
            Reporter:
            João Fernandes
            Archiver:
            Jenkins Service Account

              Created:
              Updated:
              Resolved:
              Archived: