Security Advisories

CloudBees CI Security Advisory 2023-11-15

This advisory announces vulnerabilities in 

,

and

CloudBees CI

Descriptions

Upgrade Hazelcast from 5.3.2 to 5.3.5 to fix a vulnerability that affects the transitive dependency org.json:json

BEE-41471 / CVE-2023-5072 / GHSA-rm7j-f5g5-27vv

Severity (CVSS): High (https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected plugin: cloudbees-replication (https://docs.cloudbees.com/docs/release-notes/latest/plugins/cloudbees-replication-plugin/)

Description:

The version of org.json:json previously vendored by Hazelcast was affected by CVE-2023-5072. The new version of Hazelcast upgrades this dependency to avoid the issue.

Severity

Fix

  • CloudBees Traditional Platforms should be upgraded to 2.426.1.2
  • CloudBees Cloud Platforms should be upgraded to 2.426.1.2
