基础信息
项目名称:jenkinsci/kubernetes-plugin
项目徽章:
仓库地址:https://github.com/pterodactyl/panel
检测报告地址:https://www.murphysec.com/console/report/1721303121064919040/1724166517427228672
此报告由Murphysec提供
漏洞列表
| 漏洞名称 | 漏洞类型 | MPS编号 | CVE编号 | 漏洞等级 |
|---|---|---|---|---|
| org.mozilla:rhino | XXE | MPS-2022-11928 | 高危 | |
| Jenkins Plugin Script Security 安全漏洞 | MPS-2022-60450 | CVE-2022-43401 | 严重 | |
| Jenkins Plugin Script Security 安全漏洞 | MPS-2022-60451 | CVE-2022-43403 | 严重 | |
| Jenkins Plugin Script Security 安全漏洞 | MPS-2022-60452 | CVE-2022-43404 | 严重 | |
| Jenkins Plugin Script Security 加密问题漏洞 | 加密强度不足 | MPS-2022-64519 | CVE-2022-45379 | 高危 |
| Jenkins Plugin Script Security 操作系统命令注入漏洞 | OS命令注入 | MPS-2023-2743 | CVE-2023-24422 | 高危 |
| jenkins folders日志敏感信息泄露漏洞 | 日志敏感信息泄露 | MPS-8wrb-4qzg | CVE-2023-40338 | 高危 |
| jenkins foldersCSRF漏洞 | CSRF | MPS-bfw4-k0nd | CVE-2023-40337 | 中危 |
| jenkins foldersCSRF漏洞 | CSRF | MPS-ezn4-u9sf | CVE-2023-40336 | 高危 |
缺陷组件
| 组件名称 | 版本 | 最小修复版本 | 依赖关系 | 修复建议 |
|---|---|---|---|---|
| org.jenkins-ci.plugins:script-security | 1275.v23895f409fb_d | 间接依赖 | 建议修复 | |
| org.mozilla:rhino | 1.7.7.2 | 1.7.12 | 间接依赖 | 建议修复 |
| org.jenkins-ci.plugins.workflow:workflow-cps | 3806.va_3a_6988277b_2 | 直接依赖 | 建议修复 | |
| org.jenkins-ci.plugins:cloudbees-folder | 6.858.v898218f3609d | 直接依赖 | 可选修复 |
许可证风险
| 许可证类型 | 相关组件 | 许可证风险 |
|---|---|---|
| Apache-2.0 | 93 | 低 |
| 自定义许可证 | 5 | 低 |
| LGPL-3.0-or-later | 7 | 低 |
| CDDL-1.1 | 2 | 低 |
| MIT | 1 | 低 |
| JSON | 1 | 低 |
| MPL-2.0 | 1 | 低 |
SBOM清单
| 组件名称 | 组件版本 | 是否直接依赖 | 仓库 |
|---|---|---|---|
| io.fabric8:openshift-model-tuned | 6.8.1 | 间接依赖 | maven |
| io.fabric8:kubernetes-model-apps | 6.8.1 | 间接依赖 | maven |
| com.sun.activation:javax.activation | 1.2.0 | 间接依赖 | maven |
| org.apache.httpcomponents:httpasyncclient-cache | 4.1.5 | 间接依赖 | maven |
| io.fabric8:kubernetes-model-discovery | 6.8.1 | 间接依赖 | maven |
| com.github.java-json-tools:jackson-coreutils | 2.0 | 间接依赖 | maven |
| org.jenkins-ci.plugins:authentication-tokens | 1.53.v1c90fd9191a_b_ | 直接依赖 | maven |
| io.fabric8:kubernetes-httpclient-okhttp | 6.8.1 | 间接依赖 | maven |
| javax.xml.bind:jaxb-api | 2.3.1 | 间接依赖 | maven |
| org.jetbrains.kotlin:kotlin-stdlib | 1.9.0 | 间接依赖 | maven |
| org.jenkins-ci.plugins:kubernetes-client-api | 6.8.1-224.vd388fca_4db_3b_ | 直接依赖 | maven |
| org.jenkins-ci.plugins:credentials | 1309.v8835d63eb_d8a_ | 直接依赖 | maven |
| io.dropwizard.metrics:metrics-json | 4.2.18 | 间接依赖 | maven |
| com.squareup.okio:okio | 3.5.0 | 间接依赖 | maven |
| io.fabric8:kubernetes-model-batch | 6.8.1 | 间接依赖 | maven |
| org.jenkinsci.plugins:pipeline-model-api | 2.2150.v4cfd8916915c | 间接依赖 | maven |
| io.fabric8:kubernetes-model-policy | 6.8.1 | 间接依赖 | maven |
| com.fasterxml.jackson.core:jackson-annotations | 2.15.3 | 间接依赖 | maven |
| io.fabric8:openshift-client-api | 6.8.1 | 间接依赖 | maven |
| io.fabric8:kubernetes-model-networking | 6.8.1 | 间接依赖 | maven |
| org.jetbrains.kotlin:kotlin-stdlib-jdk7 | 1.9.0 | 间接依赖 | maven |
| io.fabric8:openshift-model-installer | 6.8.1 | 间接依赖 | maven |
| org.jenkins-ci.plugins.workflow:workflow-step-api | 639.v6eca_cd8c04a_a_ | 直接依赖 | maven |
| io.dropwizard.metrics:metrics-healthchecks | 4.2.18 | 间接依赖 | maven |
| io.dropwizard.metrics:metrics-jvm | 4.2.18 | 间接依赖 | maven |
| org.jenkins-ci.plugins:variant | 60.v7290fc0eb_b_cd | 直接依赖 | maven |
| org.jenkins-ci.plugins:credentials-binding | 642.v737c34dea_6c2 | 直接依赖 | maven |
| org.codehaus.woodstox:stax2-api | 4.2.1 | 间接依赖 | maven |
| org.jenkins-ci.plugins:jackson2-api | 2.15.3-372.v309620682326 | 直接依赖 | maven |
| io.fabric8:kubernetes-model-autoscaling | 6.8.1 | 间接依赖 | maven |
| io.fabric8:openshift-model-whereabouts | 6.8.1 | 间接依赖 | maven |
| org.kohsuke:groovy-sandbox | 1.33 | 间接依赖 | maven |
| com.fasterxml.jackson.dataformat:jackson-dataformat-cbor | 2.15.3 | 间接依赖 | maven |
| com.squareup.okhttp3:logging-interceptor | 4.11.0 | 间接依赖 | maven |
| io.fabric8:kubernetes-model-common | 6.8.1 | 间接依赖 | maven |
| com.fasterxml.jackson.datatype:jackson-datatype-json-org | 2.15.3 | 间接依赖 | maven |
| org.jenkins-ci.plugins:durable-task | 523.va_a_22cf15d5e0 | 直接依赖 | maven |
| com.github.java-json-tools:uri-template | 0.10 | 间接依赖 | maven |
| io.fabric8:kubernetes-model-rbac | 6.8.1 | 间接依赖 | maven |
| io.fabric8:openshift-model-machine | 6.8.1 | 间接依赖 | maven |
| com.github.java-json-tools:jackson-coreutils-equivalence | 1.0 | 间接依赖 | maven |
| io.jenkins.plugins:caffeine-api | 3.1.8-133.v17b_1ff2e0599 | 直接依赖 | maven |
| io.fabric8:kubernetes-model-metrics | 6.8.1 | 间接依赖 | maven |
| com.sun.mail:mailapi | 1.6.2 | 间接依赖 | maven |
| com.squareup.okio:okio-jvm | 3.5.0 | 间接依赖 | maven |
| org.json:json | 20231013 | 间接依赖 | maven |
| com.fasterxml.jackson.module:jackson-module-jaxb-annotations | 2.15.3 | 间接依赖 | maven |
| org.jenkins-ci.plugins:metrics | 4.2.18-442.v02e107157925 | 直接依赖 | maven |
| com.fasterxml.jackson.datatype:jackson-datatype-jsr310 | 2.15.3 | 间接依赖 | maven |
| io.fabric8:openshift-model-hive | 6.8.1 | 间接依赖 | maven |
| io.fabric8:openshift-model | 6.8.1 | 间接依赖 | maven |
| com.fasterxml.jackson.dataformat:jackson-dataformat-yaml | 2.15.3 | 间接依赖 | maven |
| org.jenkins-ci.plugins.workflow:workflow-api | 1283.v99c10937efcb_ | 直接依赖 | maven |
| io.fabric8:volumesnapshot-client | 6.8.1 | 间接依赖 | maven |
| org.jenkins-ci.plugins:cloudbees-folder | 6.858.v898218f3609d | 直接依赖 | maven |
| com.cloudbees:groovy-cps | 3806.va_3a_6988277b_2 | 间接依赖 | maven |
| com.github.ben-manes.caffeine:caffeine | 3.1.8 | 间接依赖 | maven |
| io.dropwizard.metrics:metrics-jmx | 4.2.18 | 间接依赖 | maven |
| io.jenkins.plugins:javax-activation-api | 1.2.0-6 | 间接依赖 | maven |
| io.fabric8:kubernetes-model-admissionregistration | 6.8.1 | 间接依赖 | maven |
| org.jetbrains.kotlin:kotlin-stdlib-jdk8 | 1.9.0 | 间接依赖 | maven |
| io.fabric8:openshift-model-console | 6.8.1 | 间接依赖 | maven |
| org.snakeyaml:snakeyaml-engine | 2.6 | 间接依赖 | maven |
| io.fabric8:kubernetes-client | 6.8.1 | 间接依赖 | maven |
| io.fabric8:openshift-model-clusterautoscaling | 6.8.1 | 间接依赖 | maven |
| com.fasterxml.jackson.module:jackson-module-parameter-names | 2.15.3 | 间接依赖 | maven |
| io.fabric8:kubernetes-model-node | 6.8.1 | 间接依赖 | maven |
| io.fabric8:openshift-model-machineconfig | 6.8.1 | 间接依赖 | maven |
| io.fabric8:openshift-model-config | 6.8.1 | 间接依赖 | maven |
| org.apache.httpcomponents:httpcore-nio | 4.4.16 | 间接依赖 | maven |
| org.yaml:snakeyaml | 2.2 | 间接依赖 | maven |
| io.dropwizard.metrics:metrics-core | 4.2.18 | 间接依赖 | maven |
| com.fasterxml.jackson.datatype:jackson-datatype-jdk8 | 2.15.3 | 间接依赖 | maven |
| org.apache.httpcomponents:httpcore | 4.4.16 | 间接依赖 | maven |
| io.jenkins.plugins:jaxb | 2.3.9-1 | 间接依赖 | maven |
| joda-time:joda-time | 2.10.5 | 间接依赖 | maven |
| com.googlecode.libphonenumber:libphonenumber | 8.11.1 | 间接依赖 | maven |
| io.fabric8:kubernetes-model-apiextensions | 6.8.1 | 间接依赖 | maven |
| com.github.java-json-tools:btf | 1.3 | 间接依赖 | maven |
| com.github.java-json-tools:json-schema-validator | 2.2.14 | 间接依赖 | maven |
| io.fabric8:kubernetes-model-flowcontrol | 6.8.1 | 间接依赖 | maven |
| io.fabric8:volumesnapshot-model | 6.8.1 | 间接依赖 | maven |
| com.fasterxml.jackson.dataformat:jackson-dataformat-xml | 2.15.3 | 间接依赖 | maven |
| com.fasterxml.jackson.core:jackson-databind | 2.15.3 | 间接依赖 | maven |
| com.cloudbees:diff4j | 1.3 | 间接依赖 | maven |
| io.dropwizard.metrics:metrics-servlet | 4.2.18 | 间接依赖 | maven |
| org.jenkins-ci.plugins.workflow:workflow-cps | 3806.va_3a_6988277b_2 | 直接依赖 | maven |
| com.github.java-json-tools:msg-simple | 1.2 | 间接依赖 | maven |
| io.jenkins.plugins:okhttp-api | 4.11.0-157.v6852a_a_fa_ec11 | 间接依赖 | maven |
| org.jenkins-ci.plugins:pipeline-stage-step | 305.ve96d0205c1c6 | 间接依赖 | maven |
| com.github.java-json-tools:json-schema-core | 1.2.14 | 间接依赖 | maven |
| io.fabric8:kubernetes-model-scheduling | 6.8.1 | 间接依赖 | maven |
| org.jenkins-ci.plugins:plain-credentials | 143.v1b_df8b_d3b_e48 | 直接依赖 | maven |
| org.jenkins-ci.plugins.workflow:workflow-durable-task-step | 1289.v4d3e7b_01546b_ | 直接依赖 | maven |
| io.fabric8:openshift-model-operator | 6.8.1 | 间接依赖 | maven |
| io.fabric8:kubernetes-model-resource | 6.8.1 | 间接依赖 | maven |
| io.jenkins.plugins:snakeyaml-api | 2.2-111.vc6598e30cc65 | 间接依赖 | maven |
| io.fabric8:kubernetes-model-extensions | 6.8.1 | 间接依赖 | maven |
| io.fabric8:kubernetes-model-events | 6.8.1 | 间接依赖 | maven |
| io.fabric8:openshift-client | 6.8.1 | 间接依赖 | maven |
| org.mozilla:rhino | 1.7.7.2 | 间接依赖 | maven |
| org.apache.httpcomponents:fluent-hc | 4.5.14 | 间接依赖 | maven |
| dk.brics.automaton:automaton | 1.11-8 | 间接依赖 | maven |
| org.jetbrains.kotlin:kotlin-stdlib-common | 1.9.0 | 间接依赖 | maven |
| org.jenkins-ci.plugins:apache-httpcomponents-client-4-api | 4.5.14-208.v438351942757 | 间接依赖 | maven |
| org.apache.httpcomponents:httpasyncclient | 4.1.5 | 间接依赖 | maven |
| org.apache.httpcomponents:httpclient-cache | 4.5.14 | 间接依赖 | maven |
| com.fasterxml.woodstox:woodstox-core | 6.5.1 | 间接依赖 | maven |
| org.apache.httpcomponents:httpmime | 4.5.14 | 间接依赖 | maven |
| io.fabric8:kubernetes-client-api | 6.8.1 | 间接依赖 | maven |
| com.sun.xml.bind:jaxb-impl | 2.3.9 | 间接依赖 | maven |
| com.github.mifmif:generex | 1.0.2 | 间接依赖 | maven |
| io.jenkins.plugins:lib-durable-task | 40.vc66cf8fb_4613 | 间接依赖 | maven |
| org.jenkinsci.plugins:pipeline-model-extensions | 2.2150.v4cfd8916915c | 直接依赖 | maven |
| io.fabric8:openshift-model-monitoring | 6.8.1 | 间接依赖 | maven |
| org.apache.httpcomponents:httpclient | 4.5.14 | 间接依赖 | maven |
| io.fabric8:kubernetes-model-gatewayapi | 6.8.1 | 间接依赖 | maven |
| io.fabric8:openshift-model-storageversionmigrator | 6.8.1 | 间接依赖 | maven |
| io.fabric8:zjsonpatch | 0.3.0 | 间接依赖 | maven |
| io.fabric8:kubernetes-model-core | 6.8.1 | 间接依赖 | maven |
| io.fabric8:kubernetes-model-certificates | 6.8.1 | 间接依赖 | maven |
| io.jenkins.plugins:ionicons-api | 56.v1b_1c8c49374e | 间接依赖 | maven |
| org.jenkins-ci.plugins:scm-api | 676.v886669a_199a_a_ | 间接依赖 | maven |
| org.jenkins-ci.plugins:script-security | 1275.v23895f409fb_d | 间接依赖 | maven |
| com.squareup.okhttp3:okhttp | 4.11.0 | 间接依赖 | maven |
| org.jenkins-ci.plugins:structs | 325.vcb_307d2a_2782 | 直接依赖 | maven |
| io.fabric8:kubernetes-model-coordination | 6.8.1 | 间接依赖 | maven |
| io.fabric8:kubernetes-model-storageclass | 6.8.1 | 间接依赖 | maven |
| org.jenkinsci.plugins:kubernetes-credentials | 0.11 | 直接依赖 | maven |
| io.fabric8:openshift-model-operatorhub | 6.8.1 | 间接依赖 | maven |
| com.fasterxml.jackson.core:jackson-core | 2.15.3 | 间接依赖 | maven |
| io.fabric8:openshift-model-miscellaneous | 6.8.1 | 间接依赖 | maven |