VYPR

apk package

chainguard/jenkins-2.555-openjdk-21

pkg:apk/chainguard/jenkins-2.555-openjdk-21

Vulnerabilities (9)

  • CVE-2026-53441 | Med | Jun 10, 2026
    affected < 2.555.3-r0 | fixed 2.555.3-r0

    Jenkins 2.483 through 2.567 (both inclusive), LTS 2.492.1 through 2.555.2 (both inclusive) does not escape the user-provided description of a generic offline cause that could be set through the `POST config.xml` API, resulting in a stored cross-site scripting (XSS) vulnerability

  • CVE-2026-42521 | Med | Apr 29, 2026
    affected < 2.555.2-r0 | fixed 2.555.2-r0

    Jenkins Matrix Authorization Strategy Plugin 2.0-beta-1 through 3.2.9 (both inclusive) invokes parameterless constructors of classes specified in configuration when deserializing inheritance strategies, without restricting the classes that can be instantiated, allowing attackers

  • CVE-2026-42519 | Med | Apr 29, 2026
    affected < 2.555.2-r0 | fixed 2.555.2-r0

    A missing permission check in Jenkins Script Security Plugin 1399.ve6a_66547f6e1 and earlier allows attackers with Overall/Read permission to enumerate pending and approved Script Security classpaths.

  • CVE-2026-41635 | Cri | Apr 27, 2026
    affected < 2.555.2-r1 | fixed 2.555.2-r1

    Apache MINA's AbstractIoBuffer.resolveClass() contains two branches, one of them (for static classes or primitive types) does not check the class at all, bypassing the classname allowlist and allowing arbitrary code to be executed. The fix checks if the class is present in th

  • CVE-2026-5598 | Hig | Apr 15, 2026
    affected < 2.555.2-r3 | fixed 2.555.2-r3

    Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all (core modules). This vulnerability is associated with program files FrodoEngine.Java. This issue affects BC-JAVA: from 1.71 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.

  • CVE-2026-5588 | Med | Apr 15, 2026
    affected < 2.555.2-r3 | fixed 2.555.2-r3

    Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all (pkix modules), Legion of the Bouncy Castle Inc. BCPKIX-FIPS bcpkix on All (pkix modules), Legion of the Bouncy Castle Inc. BCPIX-LTS bcpkix on All (pkix modul

  • CVE-2026-3505 | Hig | Apr 15, 2026
    affected < 2.555.2-r3 | fixed 2.555.2-r3

    Allocation of resources without limits or throttling, Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpg on all (pg modules). This vulnerability is associated with program files AEADEncDataPacket.Java, BcAEADUtil.Java, JceAEADUtil.J

  • CVE-2026-0636 | Med | Apr 15, 2026
    affected < 2.555.2-r3 | fixed 2.555.2-r3

    Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (prov modules). This vulnerability is associated with program files LDAPStoreHelper. This issue affects BC-JAVA: from

  • CVE-2026-2332 | Hig | Apr 14, 2026
    affected < 2.555.2-r3 | fixed 2.555.2-r3

    In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "funky chunks" techniques outlined here: * https://w4ke.info/2025/06/18/funky-chunks.html * https://w4ke.info/2025/10/29/funky-chunks-2.html Jetty term