oss-sec mailing list archives

Re: Multiple vulnerabilities in Jenkins plugins

From: Sebastian Pipping <sebastian () pipping org>
Date: Wed, 29 Oct 2025 16:19:55 +0100

Hi!

On 10/29/25 14:03, Daniel Beck wrote:

Additionally, we announce unresolved security issues in the following
plugins:

* Azure CLI Plugin
* ByteGuard Build Actions Plugin
* Curseforge Publisher Plugin
* Eggplant Runner Plugin
* Extensible Choice Parameter Plugin
* JDepend Plugin
* Nexus Task Runner Plugin
* OpenShift Pipeline Plugin
* Publish to Bitbucket Plugin
* Start Windocks Containers Plugin
* Themis Plugin

For anyone else who also wonders about the combination of announcingwithout a fix (and the motivation or story behind it), I found

https://www.jenkins.io/security/plugins/#unresolved for a documented
answer.

Best, Sebastian

Current thread:

Multiple vulnerabilities in Jenkins plugins Daniel Beck (Oct 29)
- Re: Multiple vulnerabilities in Jenkins plugins Sebastian Pipping (Oct 29)