Add warnings for 2023-09-20 security advisory

jenkins-infra · Sep 20, 2023 · 4543b21 · 4543b21
1 parent a3dcfe1
commit 4543b21
Showing 1 changed file with 56 additions and 0 deletions.
diff --git a/resources/warnings.json b/resources/warnings.json
@@ -17125,5 +17125,61 @@
         "pattern": "([023]|1161|1195|120[135]|1226|123[59]|125[67]|127[49]|129[038]|1314|1322|1330)(|[.-].+)"
       }
     ]
+  },
+  {
+    "id": "core-2_424",
+    "type": "core",
+    "name": "core",
+    "message": "Multiple security vulnerabilities in Jenkins 2.423 and earlier, LTS 2.414.1 and earlier",
+    "url": "https://www.jenkins.io/security/advisory/2023-09-20/",
+    "versions": [
+      {
+        "lastVersion": "2.423",
+        "pattern": "(1|2[.][0-9]|2[.]1[0-9]|2[.]10[0-9]|2[.]11[0-9]|2[.]12[0-9]|2[.]13[0-8]|2[.]14[0-9]|2[.]15[0-9]|2[.]16[0-9]|2[.]17[0-9]|2[.]18[012345679]|2[.]19[0-9]|2[.]2[0-9]|2[.]20[0-9]|2[.]21[012345789]|2[.]22[0-9]|2[.]23[0-9]|2[.]24[0-9]|2[.]25[0-9]|2[.]26[0-9]|2[.]27[0-9]|2[.]28[0-9]|2[.]29[0-9]|2[.]3[0-9]|2[.]30[0-9]|2[.]31[1-9]|2[.]32[0-9]|2[.]33[0-9]|2[.]34[0-9]|2[.]35[0456789]|2[.]36[0-9]|2[.]37[0-9]|2[.]38[0-9]|2[.]39[0-9]|2[.]4[0-9]|2[.]40[012345679]|2[.]41[012356789]|2[.]42[0-3]|2[.]5[0-9]|2[.]6[0-9]|2[.]7[0-9]|2[.]8[0-9]|2[.]9[0-9])(|[.-].+)|(2[.]414)"
+      },
+      {
+        "lastVersion": "LTS 2.414.1",
+        "pattern": "(1|2[.]107|2[.]121|2[.]138|2[.]150|2[.]164|2[.]176|2[.]19|2[.]190|2[.]204|2[.]222|2[.]235|2[.]249|2[.]263|2[.]277|2[.]289|2[.]303|2[.]319|2[.]32|2[.]332|2[.]346|2[.]361|2[.]375|2[.]387|2[.]401|2[.]414[.]1|2[.]46|2[.]60|2[.]7|2[.]73|2[.]89)(|[.-].+)"
+      }
+    ]
+  },
+  {
+    "id": "SECURITY-3226",
+    "type": "plugin",
+    "name": "build-failure-analyzer",
+    "message": "CSRF vulnerability and missing permission check allow SSRF",
+    "url": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3226",
+    "versions": [
+      {
+        "lastVersion": "2.4.1",
+        "pattern": "(1|2[.][0-3]|2[.]4[.][01])(|[.-].+)"
+      }
+    ]
+  },
+  {
+    "id": "SECURITY-3239",
+    "type": "plugin",
+    "name": "build-failure-analyzer",
+    "message": "CSRF vulnerability allows deleting Failure Causes",
+    "url": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3239",
+    "versions": [
+      {
+        "lastVersion": "2.4.1",
+        "pattern": "(1|2[.][0-3]|2[.]4[.][01])(|[.-].+)"
+      }
+    ]
+  },
+  {
+    "id": "SECURITY-3244",
+    "type": "plugin",
+    "name": "build-failure-analyzer",
+    "message": "Stored XSS vulnerability",
+    "url": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3244",
+    "versions": [
+      {
+        "lastVersion": "2.4.1",
+        "pattern": "(1|2[.][0-3]|2[.]4[.][01])(|[.-].+)"
+      }
+    ]
   }
 ]