The Total Economic Impact of CloudBees - commissioned study shows cost savings of $30.9 million using CloudBees for CI/CD →

CloudBees CI Security Advisory 2023-11-15

This advisory announces vulnerabilities in CloudBees CI

Descriptions

Upgrade Hazelcast from 5.3.2 to 5.3.5 to fix a vulnerability that affects the transitive dependency org.json:json

BEE-41471 / CVE-2023-5072 / GHSA-rm7j-f5g5-27vv
Severity (CVSS): High
Affected plugin: cloudbees-replication
Description:

The previous version of org.json:json vendored by Hazelcast was affected with CVE-2023-5072. The new version of Hazelcast has upgraded this dependency to avoid any issue.

Severity

BEE-41471: High

Fix

CloudBees Traditional Platforms should be upgraded to 2.426.1.2
CloudBees Cloud Platforms should be upgraded to 2.426.1.2

More Security Advisories

From code to customer.

Continuously advancing your business.

Why CloudBees

About
Services
News
Meet the Bees
Join the Hive
Contact us

Partners

Partners Overview
Technology Partners
AWS
Google Cloud
VMware

Resources

Blogs
Customer Stories
Whitepapers
Events

Policy Links

Trust Center
Terms of Service
Security Policy

Developers

Technical Tuesdays
CloudBees and Open Source
Security Advisories

Security Advisory Impact

Descriptions

Upgrade Hazelcast from 5.3.2 to 5.3.5 to fix a vulnerability that affects the transitive dependency org.json:json

Severity

Fix