CloudBees CI Security Advisory 2023-02-08

This advisory announces vulnerabilities in CloudBees CI

CloudBees backup SSH used insecure SSH connection

BEE-24302
Severity (CVSS): Medium
Affected plugin: CloudBees Backup
Description:

In the CloudBees Backups plugin, SFTP stores used an insecure SSH connection.

It is now possible to configure a server key verification strategy for SFTP stores to ensure a secure SSH connection.

Severity

Fix

  • CloudBees Traditional Platforms should be upgraded to 2.375.3.3

  • CloudBees Cloud Platforms should be upgraded to 2.375.3.3