VYPR

apk package

chainguard/jenkins-2.504

pkg:apk/chainguard/jenkins-2.504

Vulnerabilities (6)

  • CVE-2025-41249 | High | Sep 16, 2025
    affected < 2.504.3-r5 | fixed 2.504.3-r5

    The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization decisions. Your application m

  • CVE-2025-41248 | High | Sep 16, 2025
    affected < 2.504.3-r5 | fixed 2.504.3-r5

    The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue when using @PreAuthorize and other method security annotations, resulting in a

  • CVE-2024-9453 | Jul 4, 2025
    affected < 0 | fixed 0

    A vulnerability was found in Red Hat OpenShift Jenkins. The bearer token is not obfuscated in the logs and potentially carries a high risk if those logs are centralized when collected. The token is typically valid for one year. This flaw allows a malicious user to jeopardize the

  • CVE-2025-41234 | Med | Jun 12, 2025
    affected < 2.504.2-r3 | fixed 2.504.2-r3

    In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a reflected file download (RFD) attack when it sets a “Content-Disposition” header with a non-ASCII charset, where the filename attribute is derived from user-s

  • CVE-2025-48734 | May 28, 2025
    affected < 2.504.2-r1 | fixed 2.504.2-r1

    Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was no

  • CVE-2025-22233 | Low | May 16, 2025
    affected < 2.504.2-r2 | fixed 2.504.2-r2

    CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks. Affected Spring Products and Versions Sp