CloudBees CI Security Advisory 2023-11-15
This advisory announces vulnerabilities in CloudBees CI.

Descriptions
Upgrade Hazelcast from 5.3.2 to 5.3.5 to fix a vulnerability that affects the transitive dependency org.json:json
BEE-41471 / CVE-2023-5072 / GHSA-rm7j-f5g5-27vv
Severity (CVSS): High (https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected plugin: cloudbees-replication (https://docs.cloudbees.com/docs/release-notes/latest/plugins/cloudbees-replication-plugin/)
Description:
The previous version of org.json:json vendored by Hazelcast was affected by CVE-2023-5072. The new version of Hazelcast upgrades this dependency to address the issue.
Severity
- BEE-41471: High
Fix
- CloudBees Traditional Platforms should be upgraded to 2.426.1.2
- CloudBees Cloud Platforms should be upgraded to 2.426.1.2