
Update snakeyaml plugin to 2.0 to silence security scanners

      The latest weekly Jenkins build has the following vulnerability detected:

       CVE-2022-1471 - Package: org.yaml:snakeyaml - Package Type: MAVEN\n  Affected Version: 1.32,  Fixed Version: 2.0
       
      Can someone update the latest build with the above version that applies the fixes?

          [JENKINS-70994] Update snakeyaml plugin to 2.0 to silence security scanners

          Andrew created issue -
          Mark Waite made changes -
          Priority Original: Critical [ 2 ] New: Minor [ 4 ]
          Mark Waite made changes -
          Remote Link New: This issue links to "CVE-2022-1471 in the national vulnerability database (Web Link)" [ 28575 ]
          Mark Waite made changes -
          Remote Link New: This issue links to "Snakeyaml CVE and NIST article on bitbucket.org (Web Link)" [ 28576 ]
          Mark Waite made changes -
          Summary Original: CVE-2022-1471 New: Update snakeyaml plugin to 2.0 to silence security scanners
          Mark Waite made changes -
          Assignee Original: Emilio Escobar [ escoem ]
          Mark Waite made changes -
          Remote Link New: This issue links to "PR 75 - update Snakeyaml plugin to use 2.0 (Web Link)" [ 28577 ]
          Mark Waite made changes -
          Description Original: The latest weekly Jenkins build has the following vulnerability detected:

           
          CVE-2022-1471 - Package: org.yaml:snakeyaml - Package Type: MAVEN\n  Affected Version: 1.32,  Fixed Version: 2.0
           
          Can someone update the latest build with the above version that applies the fixes ?
          New: The latest weekly Jenkins build has the following vulnerability detected:

           [CVE-2022-1471|https://nvd.nist.gov/vuln/detail/CVE-2022-1471] - Package: org.yaml:snakeyaml - Package Type: MAVEN\n  Affected Version: 1.32,  Fixed Version: 2.0
           
          Can someone update the latest build with the above version that applies the fixes ?
          Mark Waite made changes -
          Released As New: https://plugins.jenkins.io/snakeyaml-api/releases/#version_2.2-111.vc6598e30cc65
          Resolution New: Cannot Reproduce [ 5 ]
          Status Original: Open [ 1 ] New: Closed [ 6 ]
          Basil Crow made changes -
          Resolution Original: Cannot Reproduce [ 5 ]
          Status Original: Closed [ 6 ] New: Reopened [ 4 ]
          Basil Crow made changes -
          Labels New: lts-candidate

            Unassigned Unassigned
            fitzwar Andrew