VYPR

apk package

chainguard/jenkins-2.528-openjdk-17

pkg:apk/chainguard/jenkins-2.528-openjdk-17

Vulnerabilities (3)

  • CVE-2026-5598 · High · Apr 15, 2026
    affected < 2.528.3-r4 · fixed 2.528.3-r4

    Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all (core modules). This vulnerability is associated with program files FrodoEngine.Java. This issue affects BC-JAVA: from 1.71 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.

  • CVE-2026-33002 · Mar 18, 2026
    affected < 2.528.3-r3 · fixed 2.528.3-r3

    Jenkins 2.442 through 2.554 (both inclusive), LTS 2.426.3 through LTS 2.541.2 (both inclusive) performs origin validation of requests made through the CLI WebSocket endpoint by computing the expected origin for comparison using the Host or X-Forwarded-Host HTTP request headers, m

  • CVE-2026-33001 · Mar 18, 2026
    affected < 2.528.3-r3 · fixed 2.528.3-r3

    Jenkins 2.554 and earlier, LTS 2.541.2 and earlier does not safely handle symbolic links during the extraction of .tar and .tar.gz archives, allowing crafted archives to write files to arbitrary locations on the filesystem, restricted only by file system access permissions of the