Security Advisories
CloudBees CI Security Advisory2023-02-08
This advisory announces vulnerabilities in
,
and
CloudBees CI

CloudBees backup SSH used insecure SSH connection
BEE-24302
Severity (CVSS): [pill:Medium|https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N]
Affected plugin: [pill:CloudBees Backup|https://docs.cloudbees.com/plugins/ci/infradna-backup]
Description:
In the CloudBees Backups plugin, SFTP stores used an insecure SSH connection.
It is now possible to configure a server key verification strategy for SFTP stores to ensure a secure SSH connection.
Note
Warning
Severity
- BEE-24302: Medium
Fix
- CloudBees Traditional Platforms should be upgraded to 2.375.3.3
- CloudBees Cloud Platforms should be upgraded to 2.375.3.3