Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-69074

Winstone 5.25 affected by CVE-2022-2047 ; 2048

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Duplicate
    • Icon: Minor Minor
    • winstone-jetty
    • None

      The latest bump of Winstone was to version 5.25 , which uses Jetty 9.4.46.v20220331 as detailed in the Jenkins changelog for the 2.348 .

      This version of Jetty is currently affected by two CVEs.

      https://nvd.nist.gov/vuln/detail/CVE-2022-2048 - High
      https://nvd.nist.gov/vuln/detail/CVE-2022-2047 - Low

      Since Release 5.27 · jenkinsci/winstone (github.com) that Jetty was bumped to 9.4.48.v20220622 which is no longer affected by the two mentioned CVEs.

            Unassigned Unassigned
            joaocfernandes João Fernandes
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: