One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '8.0'

swsing · February 12, 2023, 8:19am

I am building and running my shared library project developed in Jenkins groovy. While running the project, I get the below warning:

One or more dependencies were identified with known vulnerabilities in Jenkins Shared Pipeline Library:
script-security-1229.v4880b_b_e905a_6.jar (pkg:maven/org.jenkins-ci.plugins/script-security@1229.v4880b_b_e905a_6, cpe:2.3:a:jenkins:script_security:1229.v4880.e905:a_6:*:*:*:*:*:*) : CVE-2023-24422

Version of dependency/plugin in pom.xml file:

org.owasp.dependency-check-maven - 8.0.1
org.jenkins-ci.plugins.script-security - 1229.v4880b_b_e905a_6

What is the reason for this issue and any idea on how to fix it?

halkeye · February 12, 2023, 8:28am

How do you fix using a version with a security issue? Upgrade to a newer version.

swsing · February 12, 2023, 1:44pm

Hi @halkeye ,
Even with the latest version of org.jenkins-ci.plugins.script-security and org.owasp.dependency-check-maven(8.0.2), I get the same warning.

Topic		Replies	Views
OWASP Dependency-Check plugin warning - SECURITY-2488 / CVE-2021-43577 Ask a question plugin-site	1	537	December 5, 2021
Mitigating CVE-2023-27898 XSS vulnerability in plugin manager and related Ask a question question , sig-security	1	864	March 16, 2023
Apache Commons Text vulnerability CVE-2022-42889 Ask a question	3	2294	October 21, 2022
Vulnerabilities on Jenkins LTS 2.401.1 Ask a question question , docker	5	1003	August 8, 2023
CVE-2024-23898, CVE-2023-27899 and CVE-2023-43496 vulnerabilities on jenkins/jenkins:2.448-alpine-jdk17 Community question	7	531	March 13, 2024

One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '8.0'

Related topics