Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <28e080a3-5916-4e82-bfbd-bce9bc1da091@pipping.org>
Date: Wed, 29 Oct 2025 16:19:55 +0100
From: Sebastian Pipping <sebastian@...ping.org>
To: oss-security@...ts.openwall.com
Subject: Re: Multiple vulnerabilities in Jenkins plugins

Hi!

On 10/29/25 14:03, Daniel Beck wrote:
> Additionally, we announce unresolved security issues in the following
> plugins:
> 
> * Azure CLI Plugin
> * ByteGuard Build Actions Plugin
> * Curseforge Publisher Plugin
> * Eggplant Runner Plugin
> * Extensible Choice Parameter Plugin
> * JDepend Plugin
> * Nexus Task Runner Plugin
> * OpenShift Pipeline Plugin
> * Publish to Bitbucket Plugin
> * Start Windocks Containers Plugin
> * Themis Plugin

For anyone else who also wonders about the combination of announcing 
without a fix (and the motivation or story behind it), I found
https://www.jenkins.io/security/plugins/#unresolved for a documented
answer.

Best, Sebastian

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.