One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '8.0'

I am building and running my shared library project, developed in Jenkins Groovy. While running the project, I get the warning below:

One or more dependencies were identified with known vulnerabilities in Jenkins Shared Pipeline Library:
script-security-1229.v4880b_b_e905a_6.jar (pkg:maven/org.jenkins-ci.plugins/script-security@1229.v4880b_b_e905a_6, cpe:2.3:a:jenkins:script_security:1229.v4880.e905:a_6:*:*:*:*:*:*) : CVE-2023-24422

Version of dependency/plugin in pom.xml file:

  • org.owasp.dependency-check-maven - 8.0.1
  • org.jenkins-ci.plugins.script-security - 1229.v4880b_b_e905a_6

What is the reason for this issue and any idea on how to fix it?

How do you fix using a version with a security issue? Upgrade to a newer version.

Hi @halkeye,
Even with the latest version of org.jenkins-ci.plugins.script-security and org.owasp.dependency-check-maven (8.0.2), I get the same warning.