CloudBees CI Security Advisory 2023-02-08

This advisory announces vulnerabilities in CloudBees CI.

CloudBees backup SSH used insecure SSH connection

BEE-24302

Severity (CVSS): Medium (https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

Affected plugin: CloudBees Backup (https://docs.cloudbees.com/plugins/ci/infradna-backup)

Description:

In the CloudBees Backups plugin, SFTP stores used an insecure SSH connection.

It is now possible to configure a server key verification strategy for SFTP stores to ensure a secure SSH connection.
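
What a known-hosts style server key verification checks, as an added illustration in Python (not CloudBees code and not the plugin's configuration): the key an SFTP server presents is compared against a pinned known_hosts entry, and an unknown host or a changed key is refused. The host name, address and key material below are constructed placeholders.

```python
import base64, hashlib, struct

def make_blob(seed: bytes) -> str:
    """Constructed stand-in for an ssh-ed25519 public key blob (not a real key)."""
    name, pub = b"ssh-ed25519", hashlib.sha256(seed).digest()
    raw = struct.pack(">I", len(name)) + name + struct.pack(">I", len(pub)) + pub
    return base64.b64encode(raw).decode()

def fingerprint(blob_b64: str) -> str:
    """OpenSSH-style SHA256 fingerprint of a base64 public key blob."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_known_hosts(text: str) -> dict:
    """Map host -> set of (key type, blob). Skips comments, markers, hashed names."""
    known = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith(("#", "@", "|")):
            continue
        for host in parts[0].split(","):
            known.setdefault(host, set()).add((parts[1], parts[2]))
    return known

def check_host_key(known: dict, host: str, key_type: str, blob_b64: str) -> str:
    """Return 'match', 'mismatch' (host pinned, different key) or 'unknown'."""
    if host not in known:
        return "unknown"
    return "match" if (key_type, blob_b64) in known[host] else "mismatch"

def strict_accept(known: dict, host: str, key_type: str, blob_b64: str) -> bool:
    """Strict strategy: connect only on an exact match; never trust on first use."""
    return check_host_key(known, host, key_type, blob_b64) == "match"

# Constructed sample data: hypothetical host name and placeholder keys.
HOST = "sftp.example.internal"
PINNED = make_blob(b"backup server key")
OTHER = make_blob(b"unexpected key")
KNOWN = parse_known_hosts(f"# backups\n{HOST},192.0.2.10 ssh-ed25519 {PINNED}\n")

if __name__ == "__main__":
    for label, blob in (("pinned", PINNED), ("other", OTHER)):
        result = check_host_key(KNOWN, HOST, "ssh-ed25519", blob)
        print(label, fingerprint(blob), result)
```

A client that skips this comparison accepts both keys, which is the condition a verification strategy is meant to rule out.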

Severity

Fix

  • CloudBees Traditional Platforms should be upgraded to 2.375.3.3
  • CloudBees Cloud Platforms should be upgraded to 2.375.3.3
