[JENKINS-70290] CVE-2022-45047 MINA SSHD

Type: Bug
Resolution: Fixed
Priority: Major
Component/s: mina-sshd-api-plugin
Labels:
None

Similar Issues:
Powered by SuggestiMate

Show
Released As:
2.406 and later include 2.10.0. 2.379 and later include 2.9.2

Getting the following vulnerability in the latest weekly Jenkins build (2.382 ) - MINA SSHD

CVE-2022-45047\n Package: org.apache.sshd:sshd-common\n Package Type: MAVEN\n Affected Version: 2.9.1 Fixed Version: 2.9.2

Andrew created issue - 2022-12-15 14:23

Alexander Brandes added a comment - 2022-12-15 21:47

Make sure you're using an up-to-date version of all mina components, the latest release, 2.9.2-50.va_0e1f42659a_a, bundles Apache's 2.9.2 version.

Alexander Brandes added a comment - 2022-12-15 21:47 Make sure you're using an up-to-date version of all mina components, the latest release, 2.9.2-50.va_0e1f42659a_a, bundles Apache's 2.9.2 version.

Alexander Brandes made changes - 2022-12-15 21:47

Resolution		New: Not A Defect [ 7 ]
Status	Original: Open [ 1 ]	New: Closed [ 6 ]

Andrew added a comment - 2023-01-23 12:19 - edited

We're still getting this vulnerability security alert after installing Jenkins, without any plugins installed. CVE-2022-45047. We're using the latest weekly build

Are there any references to org.apache.sshd:sshd-common Package Type: MAVEN within any of the Jenkins files after installing that could be referencing the affected Version: 2.9.1 ?

Note: we dont have any jenkins plugins installed or mina components installed

Andrew added a comment - 2023-01-23 12:19 - edited We're still getting this vulnerability security alert after installing Jenkins, without any plugins installed. CVE-2022-45047. We're using the latest weekly build Are there any references to org.apache.sshd:sshd-common Package Type: MAVEN within any of the Jenkins files after installing that could be referencing the affected Version: 2.9.1 ? Note: we dont have any jenkins plugins installed or mina components installed

Andrew made changes - 2023-01-23 12:19

Resolution	Original: Not A Defect [ 7 ]
Status	Original: Closed [ 6 ]	New: Reopened [ 4 ]

Andrew added a comment - 2023-02-03 11:28

Our vulnerability scanner has detected the following file is out of date:

/usr/share/java/jenkins.war/WEB-INF/detached-plugins/mina-sshd-api-common.hpi/WEB-INF/lib/sshd-common-2.9.1.jar

{{}}

{{Latest version is }}2.9.2

Can someone update this within the next weekly Jenkins install ?

Andrew added a comment - 2023-02-03 11:28 Our vulnerability scanner has detected the following file is out of date: /usr/share/java/jenkins.war/WEB-INF/detached-plugins/mina-sshd-api-common.hpi/WEB-INF/lib/sshd-common-2.9.1.jar {{}} {{Latest version is }}2.9.2 Can someone update this within the next weekly Jenkins install ?

Mark Waite made changes - 2023-10-06 20:53

Released As		New: 2.406 and later include 2.10.0. 2.379 and later include 2.9.2
Resolution		New: Fixed [ 1 ]
Status	Original: Reopened [ 4 ]	New: Closed [ 6 ]

Assignee:: Unassigned

Reporter:: Andrew

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2022-12-15 14:23

Updated:: 2023-10-06 20:53

Resolved:: 2023-10-06 20:53

Jenkins

Details

Description

Attachments

Activity

Collapse comment: Alexander Brandes added a comment - 2022-12-15 21:47

Expand comment: Alexander Brandes added a comment - 2022-12-15 21:47

Collapse comment: Andrew added a comment - 2023-01-23 12:19, Edited by Andrew - 2023-01-23 12:22

Expand comment: Andrew added a comment - 2023-01-23 12:19, Edited by Andrew - 2023-01-23 12:22

Collapse comment: Andrew added a comment - 2023-02-03 11:28

Expand comment: Andrew added a comment - 2023-02-03 11:28

People

Dates