Why does CVE-2024-22243 not apply to Jenkins?

jsouthers · July 15, 2024, 7:25pm

An auditor is questioning why CVE-2024-22243 does not apply to jenkins. Spring framework. can anyone provide more detail please?

basil · July 15, 2024, 8:22pm

See https://spring.io/security/cve-2024-22243. Jenkins has been shipping Spring 5.3.32 or later on the weekly release line since 2.446, on the 2.452.x LTS line since 2.452.1, and on the 2.440.x LTS line since 2.440.3.

Topic		Replies	Views
CVE-2024-23897 is vulnerable for jenkins 2.263.1 Using Jenkins question , jenkinsfile	3	444	February 1, 2024
CVE-2024-23898, CVE-2023-27899 and CVE-2023-43496 vulnerabilities on jenkins/jenkins:2.448-alpine-jdk17 Community question	7	503	March 13, 2024
Is Jenkins 2.440.3 impacted by CVE-2024-22262? Using Jenkins docker , sig-security	1	719	May 10, 2024
Info on Jenkins CVE Community	4	75	July 5, 2024
Jenkins CVE info Ask a question	2	82	August 15, 2024

Why does CVE-2024-22243 not apply to Jenkins?

Related Topics