-
Bug
-
Resolution: Fixed
-
Minor
The latest weekly Jenkins build has the following vulnerability detected:
CVE-2022-1471 - Package: org.yaml:snakeyaml - Package Type: MAVEN\n Affected Version: 1.32, Fixed Version: 2.0
Can someone update the latest build with the above version that applies the fixes ?
[JENKINS-70994] Update snakeyaml plugin to 2.0 to silence security scanners
Priority | Original: Critical [ 2 ] | New: Minor [ 4 ] |
Remote Link | New: This issue links to "CVE-2022-1471 in the national vulnerability database (Web Link)" [ 28575 ] |
Remote Link | New: This issue links to "Snakeyaml CVE and NIST article on bitbucket.org (Web Link)" [ 28576 ] |
Summary | Original: CVE-2022-1471 | New: Update snakeyaml plugin to 2.0 to silence security scanners |
Assignee | Original: Emilio Escobar [ escoem ] |
Remote Link | New: This issue links to "PR 75 - update Snakeyaml plugin to use 2.0 (Web Link)" [ 28577 ] |
Description |
Original:
The latest weekly Jenkins build has the following vulnerability detected:
CVE-2022-1471 - Package: org.yaml:snakeyaml - Package Type: MAVEN\n Affected Version: 1.32, Fixed Version: 2.0 Can someone update the latest build with the above version that applies the fixes ? |
New:
The latest weekly Jenkins build has the following vulnerability detected:
[CVE-2022-1471|https://nvd.nist.gov/vuln/detail/CVE-2022-1471] - Package: org.yaml:snakeyaml - Package Type: MAVEN\n Affected Version: 1.32, Fixed Version: 2.0 Can someone update the latest build with the above version that applies the fixes ? |
Released As | New: https://plugins.jenkins.io/snakeyaml-api/releases/#version_2.2-111.vc6598e30cc65 | |
Resolution | New: Cannot Reproduce [ 5 ] | |
Status | Original: Open [ 1 ] | New: Closed [ 6 ] |
Resolution | Original: Cannot Reproduce [ 5 ] | |
Status | Original: Closed [ 6 ] | New: Reopened [ 4 ] |
Labels | New: lts-candidate |