Bug 1888292 - Fix CVE-2015-7501 affecting agent-maven-3.5
Summary: Fix CVE-2015-7501 affecting agent-maven-3.5
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Jenkins
Version: 4.6
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: 4.7.0
Assignee: Akram Ben Aissi
QA Contact: Jitendar Singh
: 1888650 (view as bug list)
Depends On:
Blocks: 1888650
TreeView+ depends on / blocked
Reported: 2020-10-14 14:15 UTC by Jitendar Singh
Modified: 2021-02-24 15:26 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2021-02-24 15:26:11 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Github openshift jenkins pull 1169 0 None closed Bug 1888292: updating the scl_source enable from rh-maven35 to rh-maven36 2020-12-17 06:21:23 UTC
Red Hat Product Errata RHSA-2020:5633 0 None None None 2021-02-24 15:26:40 UTC

Description Jitendar Singh 2020-10-14 14:15:40 UTC
Description of problem:
We had customer issue which pointed out that our images have vulnerabilities.
Customer Case : https://access.redhat.com/support/cases/#/case/02771740

How reproducible:
Customer used jFrog xray tool to scan

Comment 5 Jitendar Singh 2020-10-15 04:06:36 UTC

Comment 6 Jitendar Singh 2020-10-15 16:48:40 UTC
- Pulled the maven agent from 4.7.0-0.nightly-2020-10-15-111254 and it works well and doesnt seems to e breaking anything
- used jenkins-agent-maven- quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2e7d39c86252a3edcca9aaed3871d18fb6f7030054e555a1b16524e245eae487
- Installed Quay Container Security to check for any vulnerabilities but it doesnt show any.

Comment 7 Jitendar Singh 2020-12-17 06:39:35 UTC
*** Bug 1888650 has been marked as a duplicate of this bug. ***

Comment 10 errata-xmlrpc 2021-02-24 15:26:11 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.