Bug 1861842
| Summary: | CVE-2020-2181 CVE-2020-2182 jenkins-2-plugins: jenkins-credentials-binding-plugin: various flaws [openshift-4] | | |
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Vibhav Bobade <vbobade> |
| Component: | Jenkins | Assignee: | Vibhav Bobade <vbobade> |
| Status: | CLOSED ERRATA | QA Contact: | Jitendar Singh <jitsingh> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 4.3.0 | CC: | abenaiss, aos-bugs, bmontgom, eparis, jburrell, jitsingh, jokerman, mcooper, nstielau, pbhattac, scuppett, sfowler, sponnaga, talessio, vbobade, yuxzhu |
| Target Milestone: | --- | Keywords: | Security, SecurityTracking |
| Target Release: | 4.3.z | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | component:jenkins-2-plugins | | |
| Fixed In Version: | | Doc Type: | No Doc Update |
| Doc Text: | | Story Points: | --- |
| Clone Of: | 1861840 | Environment: | |
| Last Closed: | 2020-10-20 15:50:54 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 1861840 | | |
| Bug Blocks: | 1847341, 1847348 | | |

Description
Vibhav Bobade
2020-07-29 17:24:55 UTC
Moving back to ASSIGNED based on https://issues.redhat.com/browse/OCPPLAN-4693?focusedCommentId=15153829&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-15153829

Just tested it with the latest nightly for 4.3 https://brewweb.engineering.redhat.com/brew/buildinfo?buildID=1341931 and it has the fix.

==================================================
 jsingh@localhost ~ oc new-app jenkins-ephemeral -p NAMESPACE=$(oc project -q) -p JENKINS_IMAGE_STREAM_TAG=jenkins-jitsingh:latest
--> Deploying template "openshift/jenkins-ephemeral" to project jenkins-test

     Jenkins (Ephemeral)
     ---------
     Jenkins service, without persistent storage.

     WARNING: Any data stored will be lost upon pod destruction. Only use this template for testing.

     A Jenkins service has been created in your project. Log into Jenkins with your OpenShift account. The tutorial at https://github.com/openshift/origin/blob/master/examples/jenkins/README.md contains more information about using this template.

     * With parameters:
        * Jenkins Service Name=jenkins
        * Jenkins JNLP Service Name=jenkins-jnlp
        * Enable OAuth in Jenkins=true
        * Memory Limit=1Gi
        * Jenkins ImageStream Namespace=jenkins-test
        * Disable memory intensive administrative monitors=false
        * Jenkins ImageStreamTag=jenkins-jitsingh:latest
        * Allows use of Jenkins Update Center repository with invalid SSL certificate=false

--> Creating resources ...
    route.route.openshift.io "jenkins" created
    deploymentconfig.apps.openshift.io "jenkins" created
    serviceaccount "jenkins" created
    rolebinding.authorization.openshift.io "jenkins_edit" created
    service "jenkins-jnlp" created
    service "jenkins" created
--> Success
    Access your application via route 'jenkins-jenkins-test.apps.sharedocp4upi43.lab.upshift.rdu2.redhat.com'
    Run 'oc status' to view your app.

 jsingh@localhost ~ oc get pods -w
NAME               READY   STATUS              RESTARTS   AGE
jenkins-1-deploy   0/1     ContainerCreating   0          5s
jenkins-1-deploy   0/1     ContainerCreating   0          12s
jenkins-1-26nhb    0/1     Pending             0          0s
jenkins-1-26nhb    0/1     Pending             0          0s
jenkins-1-26nhb    0/1     ContainerCreating   0          0s
jenkins-1-deploy   1/1     Running             0          19s
jenkins-1-26nhb    0/1     ContainerCreating   0          3s
jenkins-1-26nhb    0/1     ContainerCreating   0          11s
^C%

 ✘ jsingh@localhost ~ oc rsh jenkins-1-26nhb
sh-4.2$ cat /var/lib/jenkins/plugins/credentials-binding/META-INF/MANIFEST.MF |grep Implementation-Version
Implementation-Version: 1.23
sh-4.2$ %

 jsingh@localhost ~ oc new-app -f maven.yaml
--> Deploying template "jenkins-test/maven-pipeline" for "maven.yaml" to project jenkins-test

     * With parameters:
        * Application Name=openshift-jee-sample
        * Source URL=https://github.com/openshift/openshift-jee-sample.git
        * Source Ref=master
        * GitHub Webhook Secret=MKY8cSSRpKqhD3IqGLeeLl0Fc7tO6F2BHV1QKklR # generated
        * Generic Webhook Secret=1LeK7kIEnm7XxBYlk3J7WtQs2Q7vPceSyFkd3Au1 # generated

--> Creating resources ...
    imagestream.image.openshift.io "openshift-jee-sample" created
    imagestream.image.openshift.io "wildfly" created
    buildconfig.build.openshift.io "openshift-jee-sample" created
    buildconfig.build.openshift.io "openshift-jee-sample-docker" created
    deploymentconfig.apps.openshift.io "openshift-jee-sample" created
    service "openshift-jee-sample" created
    route.route.openshift.io "openshift-jee-sample" created
--> Success
    Use 'oc start-build openshift-jee-sample' to start a build.
    Use 'oc start-build openshift-jee-sample-docker' to start a build.
    Access your application via route 'openshift-jee-sample-jenkins-test.apps.sharedocp4upi43.lab.upshift.rdu2.redhat.com'
    Run 'oc status' to view your app.

 jsingh@localhost ~ oc get routes
NAME                   HOST/PORT                                                                            PATH   SERVICES               PORT       TERMINATION     WILDCARD
jenkins                jenkins-jenkins-test.apps.sharedocp4upi43.lab.upshift.rdu2.redhat.com                       jenkins                <all>      edge/Redirect   None
openshift-jee-sample   openshift-jee-sample-jenkins-test.apps.sharedocp4upi43.lab.upshift.rdu2.redhat.com          openshift-jee-sample   8080-tcp                   None

 jsingh@localhost ~ oc start-build openshift-jee-sample
build.build.openshift.io/openshift-jee-sample-1 started

 jsingh@localhost ~ oc get pods -w
NAME                                  READY   STATUS              RESTARTS   AGE
jenkins-1-26nhb                       1/1     Running             0          3m43s
jenkins-1-deploy                      0/1     Completed           0          4m2s
maven-nlg1x                           0/1     ContainerCreating   0          1s
maven-nlg1x                           0/1     ContainerCreating   0          3s
maven-nlg1x                           0/1     ContainerCreating   0          8s
maven-nlg1x                           1/1     Running             0          30s
maven-nlg1x                           1/1     Terminating         0          70s
maven-nlg1x                           1/1     Terminating         0          71s
openshift-jee-sample-docker-1-build   0/1     Pending             0          0s
openshift-jee-sample-docker-1-build   0/1     Pending             0          0s
openshift-jee-sample-docker-1-build   0/1     Init:0/2            0          0s
maven-nlg1x                           0/1     Terminating         0          72s
maven-nlg1x                           0/1     Terminating         0          73s
maven-nlg1x                           0/1     Terminating         0          73s
openshift-jee-sample-docker-1-build   0/1     Init:0/2            0          2s
openshift-jee-sample-docker-1-build   0/1     Init:0/2            0          3s
openshift-jee-sample-docker-1-build   0/1     Init:1/2            0          4s
openshift-jee-sample-docker-1-build   0/1     PodInitializing     0          5s
openshift-jee-sample-docker-1-build   1/1     Running             0          6s
openshift-jee-sample-docker-1-build   0/1     Completed           0          55s
openshift-jee-sample-docker-1-build   0/1     Completed           0          55s
openshift-jee-sample-1-deploy         0/1     Pending             0          0s
openshift-jee-sample-1-deploy         0/1     Pending             0          0s
openshift-jee-sample-1-deploy         0/1     ContainerCreating   0          0s
openshift-jee-sample-1-deploy         0/1     ContainerCreating   0          2s
openshift-jee-sample-1-deploy         1/1     Running             0          3s
openshift-jee-sample-1-skc4k          0/1     Pending             0          0s
openshift-jee-sample-1-skc4k          0/1     Pending             0          0s
openshift-jee-sample-1-skc4k          0/1     ContainerCreating   0          0s
openshift-jee-sample-docker-1-build   0/1     Completed           0          59s
openshift-jee-sample-1-skc4k          0/1     ContainerCreating   0          3s
openshift-jee-sample-1-skc4k          0/1     ContainerCreating   0          11s
openshift-jee-sample-1-skc4k          0/1     Running             0          28s
openshift-jee-sample-1-skc4k          1/1     Running             0          64s
openshift-jee-sample-1-deploy         0/1     Completed           0          67s
openshift-jee-sample-1-deploy         0/1     Completed           0          67s
openshift-jee-sample-1-deploy         0/1     Completed           0          74s

Moving to ON_QA considering the recent update on this

VERIFIED

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory (Important: OpenShift Container Platform 4.3.40 jenkins-2-plugins security update), and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:4265