Package details: pkg:rpm/redhat/jenkins-2-plugins@4.11.1686831822-1?arch=el8
purl: pkg:rpm/redhat/jenkins-2-plugins@4.11.1686831822-1?arch=el8
Next non-vulnerable version: None
Latest non-vulnerable version: None
Risk: 4.0
Vulnerabilities affecting this package (9)
Vulnerability Summary Fixed by
VCID-7k5m-ys11-mfby
Aliases:
CVE-2023-1370
GHSA-493p-pfq6-5258
json-smart Uncontrolled Recursion vulnerability. Affected versions of [net.minidev:json-smart](https://github.com/netplex/json-smart-v1) are vulnerable to denial of service (DoS) through a StackOverflowError when parsing a deeply nested JSON array or object. On reaching a '[' or '{' character in the JSON input, the parser descends into an array or an object respectively, and the library (a third-party product, 3PP) places no limit on how deeply such arrays or objects may nest. Because nested arrays and objects are parsed recursively, nesting enough of them exhausts the stack (stack overflow) and crashes the software. There are no reported fixed by versions.
VCID-9h46-72hw-bkcr
Aliases:
CVE-2022-42003
GHSA-jjjh-jjxp-wpff
FasterXML jackson-databind resource exhaustion via deeply nested wrapper arrays (CVE-2022-42003). Before 2.14.0-rc1, the primitive value deserializers lack a check against deep wrapper-array nesting when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled, so crafted input can exhaust the stack and cause a denial of service. There are no reported fixed by versions.
VCID-khr7-6pza-afab
Aliases:
CVE-2023-26464
GHSA-vp98-w2p3-mv35
Apache Log4j 1.x (EOL) allows Denial of Service (DoS). ** UNSUPPORTED WHEN ASSIGNED ** When the Chainsaw or SocketAppender components of Log4j 1.x run on a JRE older than 1.7, an attacker who can cause a logging entry containing a specially crafted (i.e., deeply nested) hashmap or hashtable (depending on which logging component is in use) to be processed can exhaust the available memory in the virtual machine when the object is deserialized, achieving a denial of service. This issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. There are no reported fixed by versions.
VCID-myp4-24sf-9yfv
Aliases:
CVE-2022-40150
GHSA-x27m-9w8j-5vcw
Jettison memory exhaustion. Those using Jettison to parse untrusted XML or JSON data may be vulnerable to denial of service (DoS) attacks. If the parser is run on user-supplied input, an attacker may supply content that causes the parser to crash with an out-of-memory error. This effect may support a denial of service attack. There are no reported fixed by versions.
VCID-qq1f-3nsz-6kcz
Aliases:
CVE-2023-1436
GHSA-q6g2-g7f3-rr83
Jettison vulnerable to infinite recursion. An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown. There are no reported fixed by versions.
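The self-reference case in the entry above is a serializer problem rather than a parser one: the input is already an in-memory collection, and the recursion follows object references instead of brackets. The block below is an added example, not Jettison's code: `to_json_naive` has the vulnerable shape (recurse into every nested container with no bookkeeping), and `to_json` keeps the ids of the containers on the current descent path so a self-reference raises `CycleDetected` instead of exhausting the stack. The names `to_json_naive`, `to_json`, `CycleDetected`, `probe_serialize` and `self_referencing_list` are hypothetical, and the self-referencing list is constructed inline.

```python
# Added example (not Jettison code): serialising a collection that contains
# itself. All names are hypothetical.
import json


class CycleDetected(ValueError):
    """A container reached itself through its own elements."""


def to_json_naive(value):
    # Vulnerable shape: recurse into every nested container, no bookkeeping.
    if isinstance(value, dict):
        return "{" + ",".join(json.dumps(str(k)) + ":" + to_json_naive(v)
                              for k, v in value.items()) + "}"
    if isinstance(value, (list, tuple, set)):
        return "[" + ",".join(to_json_naive(v) for v in value) + "]"
    return json.dumps(value)


def to_json(value, _on_path=None):
    # Hardened: remember the ids of containers on the *current path* only.
    # A self-reference (direct or via an intermediate container) is caught;
    # a value shared by two siblings is a DAG, not a cycle, and still
    # serialises, which a global "already seen" set would wrongly reject.
    if _on_path is None:
        _on_path = set()
    if not isinstance(value, (dict, list, tuple, set)):
        return json.dumps(value)
    if id(value) in _on_path:
        raise CycleDetected("container %#x reached itself" % id(value))
    _on_path.add(id(value))
    try:
        if isinstance(value, dict):
            return "{" + ",".join(json.dumps(str(k)) + ":" + to_json(v, _on_path)
                                  for k, v in value.items()) + "}"
        return "[" + ",".join(to_json(v, _on_path) for v in value) + "]"
    finally:
        _on_path.discard(id(value))


def probe_serialize(serializer, value):
    """Classify how serialisation ends, to contrast both functions."""
    try:
        serializer(value)
        return "ok"
    except CycleDetected:
        return "cycle_detected"
    except RecursionError:
        # CPython's counterpart of the JVM's StackOverflowError.
        return "stack_exhausted"


def self_referencing_list():
    """Constructed input matching the advisory: a list whose element is itself."""
    items = [1, "two"]
    items.append(items)
    return items


if __name__ == "__main__":
    print("naive:", probe_serialize(to_json_naive, self_referencing_list()))
    print("hardened:", probe_serialize(to_json, self_referencing_list()))
    shared = [1]
    print("shared sibling reference is fine:", to_json([shared, shared]))
```

Python's own `json.dumps` already performs this path-based check (`check_circular=True` by default); the point of writing it out is to show why the check must track the current path and not merely every object ever visited.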
VCID-sqx4-euc2-myew
Aliases:
CVE-2022-40149
GHSA-56h3-78gp-v83r
Jettison parser crash by stack overflow. Those using Jettison to parse untrusted XML or JSON data may be vulnerable to denial of service (DoS) attacks. If the parser is run on user-supplied input, an attacker may supply content that causes the parser to crash with a stack overflow. This effect may support a denial of service attack. There are no reported fixed by versions.
VCID-v2pq-1qhm-4qb9
Aliases:
CVE-2022-42004
GHSA-rgv9-q543-rqg4
FasterXML jackson-databind resource exhaustion via deeply nested arrays (CVE-2022-42004). Before 2.13.4, BeanDeserializer._deserializeFromArray lacks a check against deeply nested arrays, so crafted input can exhaust resources and cause a denial of service; an application is exposed only with certain customized deserialization settings. There are no reported fixed by versions.
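Five of the entries above (json-smart, the two Jettison parser entries, and both jackson-databind entries) describe one mechanism: a recursive parser whose depth is chosen by untrusted input, so stack usage is attacker-controlled. The block below is an added example, not code from json-smart, Jettison, jackson-databind or the Jenkins plugin bundle: a minimal recursive-descent JSON parser in Python that, with `max_depth=None`, has the vulnerable shape, and with a cap rejects deep input before the stack is touched. The names `Parser`, `NestingTooDeep`, `build_nested` and `probe` are hypothetical; the nested-bracket payload is constructed inline.

```python
# Added example (not json-smart, Jettison or jackson-databind code): a minimal
# recursive-descent JSON parser, unbounded and then depth-capped. Names are
# hypothetical.


class ParseError(ValueError):
    """Malformed input."""


class NestingTooDeep(ParseError):
    """Input nests arrays/objects deeper than the configured cap."""


class Parser:
    def __init__(self, text, max_depth=None):
        # max_depth=None is the vulnerable shape: every '[' or '{' recurses
        # with no bound, so the input decides how much stack is consumed.
        self.s, self.i, self.depth, self.max_depth = text, 0, 0, max_depth

    def parse(self):
        value = self._value()
        if self._peek() != "":
            raise ParseError("trailing data at offset %d" % self.i)
        return value

    def _peek(self):
        while self.i < len(self.s) and self.s[self.i] in " \t\r\n":
            self.i += 1
        return self.s[self.i:self.i + 1]

    def _expect(self, ch):
        if self._peek() != ch:
            raise ParseError("expected %r at offset %d" % (ch, self.i))
        self.i += 1

    def _value(self):
        c = self._peek()
        if c == "[":
            return self._container("]", self._value)
        if c == "{":
            return self._container("}", self._member)
        if c == '"':
            return self._string()
        return self._scalar()

    def _member(self):
        key = self._string()
        self._expect(":")
        return key, self._value()

    def _container(self, closer, item):
        # The check the affected parsers lacked: bound depth before recursing.
        self.depth += 1
        if self.max_depth is not None and self.depth > self.max_depth:
            raise NestingTooDeep("nesting exceeds %d" % self.max_depth)
        self.i += 1  # consume the opener
        items = []
        if self._peek() == closer:
            self.i += 1
        else:
            while True:
                items.append(item())
                if self._peek() == ",":
                    self.i += 1
                    continue
                self._expect(closer)
                break
        self.depth -= 1
        return dict(items) if closer == "}" else items

    def _string(self):
        self._expect('"')
        end = self.s.find('"', self.i)  # no escape handling; enough for the demo
        if end < 0:
            raise ParseError("unterminated string")
        token, self.i = self.s[self.i:end], end + 1
        return token

    def _scalar(self):
        for literal, value in (("true", True), ("false", False), ("null", None)):
            if self.s.startswith(literal, self.i):
                self.i += len(literal)
                return value
        j = self.i
        while j < len(self.s) and self.s[j] in "+-0123456789.eE":
            j += 1
        if j == self.i:
            raise ParseError("unexpected character at offset %d" % self.i)
        token, self.i = self.s[self.i:j], j
        return float(token) if any(ch in token for ch in ".eE") else int(token)


def build_nested(depth):
    """Constructed payload: `depth` opening brackets followed by their closers."""
    return "[" * depth + "]" * depth


def probe(text, max_depth):
    """Classify how a parse ends, to contrast the unbounded and capped parsers."""
    try:
        Parser(text, max_depth).parse()
        return "ok"
    except NestingTooDeep:
        return "rejected_too_deep"
    except RecursionError:
        # CPython reports stack exhaustion as RecursionError; the JVM parsers
        # in the advisories die with StackOverflowError instead.
        return "stack_exhausted"
```

Run `probe(build_nested(20000), None)` against `probe(build_nested(20000), 64)` to see the two outcomes; a cap in the tens to low hundreds is plenty for real documents, and the cap must be checked before the recursive call, not after, or the stack is already gone by the time it fires.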
VCID-v9jp-s75d-zffs
Aliases:
CVE-2023-32977
GHSA-2wvv-phhw-qvmc
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Jenkins Pipeline: Job Plugin does not escape the display name of the build that caused an earlier build to be aborted, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to set build display names immediately. There are no reported fixed by versions.
VCID-yph7-zq7p-j3hz
Aliases:
CVE-2023-32981
GHSA-6987-xccv-fhjp
Jenkins Pipeline Utility Steps Plugin arbitrary file write vulnerability. An arbitrary file write vulnerability in Jenkins Pipeline Utility Steps Plugin 2.15.2 and earlier allows attackers able to provide crafted archives as parameters to create or replace arbitrary files on the agent file system with attacker-specified content. There are no reported fixed by versions.
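The entry above only says that crafted archives can create or replace arbitrary files. The block below is an added example, not code from Jenkins or the Pipeline Utility Steps plugin, and it assumes the usual way an archive achieves that: an entry name that climbs out of the extraction directory (archive path traversal, often called "zip slip"). A constructed zip carries one benign entry and one named `../escaped.txt`; `extract_naive` joins names to the destination and writes, so the second entry lands beside the destination rather than inside it, while `extract_safe` resolves each target with `os.path.realpath` and refuses anything not strictly under the destination. `build_archive`, `extract_naive`, `extract_safe` and `demo` are hypothetical names, and the archive is constructed inline.

```python
# Added example (not Jenkins or Pipeline Utility Steps code): archive path
# traversal, the vulnerable extraction pattern beside a contained one.
# All names are hypothetical; the archive is constructed here.
import io
import os
import tempfile
import zipfile


def build_archive():
    """Constructed sample archive, not a real Jenkins artifact."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("ok.txt", "benign\n")
        zf.writestr("../escaped.txt", "lands beside dest, not inside it\n")
    return buf.getvalue()


def extract_naive(data, dest):
    """Vulnerable shape: trust the entry name, join it to dest, write."""
    written = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            target = os.path.join(dest, info.filename)
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(os.path.abspath(target))
    return written


def extract_safe(data, dest):
    """Resolve each entry and require it to stay strictly under dest."""
    dest = os.path.realpath(dest)
    os.makedirs(dest, exist_ok=True)
    written, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # realpath normalises '..' and follows symlinks already on disk.
            # An absolute entry name makes os.path.join discard dest entirely,
            # and the same containment test catches that case too.
            target = os.path.realpath(os.path.join(dest, info.filename))
            if target == dest or os.path.commonpath([dest, target]) != dest:
                rejected.append(info.filename)
                continue
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(target)
    return written, rejected


def demo():
    """Run both extractors in a throwaway sandbox; paths are relative to it."""
    with tempfile.TemporaryDirectory() as root:
        root = os.path.realpath(root)
        naive_dest = os.path.join(root, "naive")
        os.makedirs(naive_dest)
        naive = extract_naive(build_archive(), naive_dest)
        safe_written, safe_rejected = extract_safe(
            build_archive(), os.path.join(root, "safe"))
        return {
            "naive": [os.path.relpath(p, root) for p in naive],
            "safe_written": [os.path.relpath(p, root) for p in safe_written],
            "safe_rejected": safe_rejected,
        }


if __name__ == "__main__":
    print(demo())
```

The naive extractor is the pattern to grep for in any step that unpacks a user-supplied archive onto an agent: `open(os.path.join(dest, name))` with no resolution and containment check. Note that the check must run on the resolved path, since a plain string-prefix test on `dest` passes `dest + "-other/..."` and symlinked components.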
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T13:57:07.256814+00:00 | RedHat Importer | Affected by | VCID-sqx4-euc2-myew | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40149.json | 38.0.0 |
| 2026-04-01T13:57:06.854068+00:00 | RedHat Importer | Affected by | VCID-myp4-24sf-9yfv | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40150.json | 38.0.0 |
| 2026-04-01T13:56:59.416250+00:00 | RedHat Importer | Affected by | VCID-v2pq-1qhm-4qb9 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42004.json | 38.0.0 |
| 2026-04-01T13:56:55.339773+00:00 | RedHat Importer | Affected by | VCID-9h46-72hw-bkcr | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42003.json | 38.0.0 |
| 2026-04-01T13:55:02.831840+00:00 | RedHat Importer | Affected by | VCID-khr7-6pza-afab | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26464.json | 38.0.0 |
| 2026-04-01T13:54:41.648351+00:00 | RedHat Importer | Affected by | VCID-7k5m-ys11-mfby | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1370.json | 38.0.0 |
| 2026-04-01T13:54:41.429553+00:00 | RedHat Importer | Affected by | VCID-qq1f-3nsz-6kcz | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1436.json | 38.0.0 |
| 2026-04-01T13:53:54.672059+00:00 | RedHat Importer | Affected by | VCID-yph7-zq7p-j3hz | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32981.json | 38.0.0 |
| 2026-04-01T13:53:54.554615+00:00 | RedHat Importer | Affected by | VCID-v9jp-s75d-zffs | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32977.json | 38.0.0 |