[midPoint-ci] Build failed in Jenkins: midpoint-support-4.4-security #2

Jenkins noreply at evolveum.com
Tue Oct 17 15:11:49 CEST 2023


See <https://jenkins.evolveum.com/job/midpoint-support-4.4-security/2/display/redirect>

Changes:


------------------------------------------
[...truncated 43265 lines...]
	{{/with}}
{{/with}}```


## Recommendation

Upgrade to version 3.0.8, 4.5.2 or later., Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), handlebars issue: 1495, CVE-2015-8861, handlebars issue: 1633
AdminLTE-2.4.18.jar: ckeditor.js (pkg:javascript/ckeditor at 4.12.1) : CVE-2023-28439, CVE-2021-32808, CVE-2021-32809, CVE-2021-37695, CVE-2021-41164, CVE-2021-41165, CVE-2022-24728, XSS-type attack inside CKEditor 4 by persuading a victim to paste a specially crafted HTML code into the Color Button dialog, ReDoS vulnerability in Autolink plugin and Advanced Tab for Dialogs plugin, XSS
AdminLTE-2.4.18.jar: core.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: data.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-af.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-ar-DZ.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-ar.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-az.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-be.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-bg.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-bs.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-ca.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-cs.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-cy-GB.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-da.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-de.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-el.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-en-AU.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-en-GB.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-en-NZ.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-eo.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-es.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-et.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-eu.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-fa.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-fi.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-fo.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-fr-CA.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-fr-CH.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-fr.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-gl.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-he.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-hi.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-hr.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-hu.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-hy.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-id.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-is.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-it-CH.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-it.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-ja.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-ka.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-kk.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-km.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-ko.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-ky.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-lb.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-lt.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-lv.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-mk.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-ml.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-ms.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-nb.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-nl-BE.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-nl.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-nn.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-no.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-pl.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-pt-BR.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-pt.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-rm.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-ro.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-ru.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-sk.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-sl.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-sq.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-sr-SR.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-sr.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-sv.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-ta.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-th.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-tj.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-tr.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-uk.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-vi.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-zh-CN.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-zh-HK.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-zh-TW.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: disable-selection.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: effect.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: escape-selector.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: focusable.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: form-reset-mixin.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: form.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: ie.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: jquery-1-7.js (pkg:javascript/jquery at 1-7) : CVE-2012-6708, CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, CVE-2020-23064, CVE-2020-7656, jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates
AdminLTE-2.4.18.jar: jquery-1-7.js (pkg:javascript/jquery at 1-7) : CVE-2012-6708, CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, CVE-2020-23064, CVE-2020-7656, jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates
AdminLTE-2.4.18.jar: jquery-1.7.1.min.js (pkg:javascript/jquery at 1.7.1.min) : CVE-2012-6708, CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, CVE-2020-23064, CVE-2020-7656, jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates
AdminLTE-2.4.18.jar: jquery-1.7.2.js (pkg:javascript/jquery at 1.7.2) : CVE-2012-6708, CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, CVE-2020-23064, CVE-2020-7656, jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates
AdminLTE-2.4.18.jar: jquery-1.8.2.js (pkg:javascript/jquery at 1.8.2) : CVE-2012-6708, CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, CVE-2020-23064, CVE-2020-7656, jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates
AdminLTE-2.4.18.jar: jquery-ui.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: jquery-ui.js (pkg:javascript/jquery-ui-dialog at 1.11.4, pkg:javascript/jquery-ui at 1.11.4) : CVE-2016-7103, CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: jquery-ui.min.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: jquery-ui.min.js (pkg:javascript/jquery-ui-dialog at 1.11.4, pkg:javascript/jquery-ui at 1.11.4) : CVE-2016-7103, CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: jquery.dataTables.js (pkg:javascript/jquery.datatables at 1.10.19) : prototype pollution, possible XSS
AdminLTE-2.4.18.jar: jquery.dataTables.min.js (pkg:javascript/jquery.datatables at 1.10.19) : prototype pollution, possible XSS
AdminLTE-2.4.18.jar: jquery.js (pkg:javascript/jquery at 1.8.3) : CVE-2012-6708, CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, CVE-2020-23064, CVE-2020-7656, jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates
AdminLTE-2.4.18.jar: jquery.js (pkg:javascript/jquery at 3.4.1) : CVE-2020-11022, CVE-2020-23064
AdminLTE-2.4.18.jar: jquery.min.js (pkg:javascript/jquery at 3.4.1) : CVE-2020-11022, CVE-2020-23064
AdminLTE-2.4.18.jar: jquery.min.js (pkg:javascript/jquery at 2.1.1) : CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, CVE-2020-23064, jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates
AdminLTE-2.4.18.jar: jquery.slim.js (pkg:javascript/jquery at 3.4.1) : CVE-2020-11022, CVE-2020-23064
AdminLTE-2.4.18.jar: jquery.slim.min.js (pkg:javascript/jquery at 3.4.1) : CVE-2020-11022, CVE-2020-23064
AdminLTE-2.4.18.jar: keycode.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: labels.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: plugin.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: position.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: safe-active-element.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: safe-blur.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: scroll-parent.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: tabbable.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: unique-id.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: version.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: widget.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
bcel-6.3.1.jar (pkg:maven/org.apache.bcel/bcel at 6.3.1, cpe:2.3:a:apache:commons_bcel:6.3.1:*:*:*:*:*:*:*) : CVE-2022-42920
bcprov-jdk15on-1.69.jar (pkg:maven/org.bouncycastle/bcprov-jdk15on at 1.69, cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.69:*:*:*:*:*:*:*, cpe:2.3:a:bouncycastle:bouncy_castle_crypto_package:1.69:*:*:*:*:*:*:*, cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.69:*:*:*:*:*:*:*, cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.69:*:*:*:*:*:*:*, cpe:2.3:a:bouncycastle:the_bouncy_castle_crypto_package_for_java:1.69:*:*:*:*:*:*:*) : CVE-2023-33201
commons-compiler-3.1.9.jar (pkg:maven/org.codehaus.janino/commons-compiler at 3.1.9, cpe:2.3:a:janino_project:janino:3.1.9:*:*:*:*:*:*:*) : CVE-2023-33546
connector-ldap-3.5.jar: commons-text-1.9.jar (pkg:maven/org.apache.commons/commons-text at 1.9, cpe:2.3:a:apache:commons_text:1.9:*:*:*:*:*:*:*) : CVE-2022-42889
connector-ldap-3.5.jar: mina-core-2.2.1.jar (pkg:maven/org.apache.mina/mina-core at 2.2.1, cpe:2.3:a:apache:mina:2.2.1:*:*:*:*:*:*:*) : CVE-2023-35887
h2-1.4.193.jar (pkg:maven/com.h2database/h2 at 1.4.193, cpe:2.3:a:h2database:h2:1.4.193:*:*:*:*:*:*:*) : CVE-2018-14335
jackson-databind-2.12.7.1.jar (pkg:maven/com.fasterxml.jackson.core/jackson-databind at 2.12.7.1, cpe:2.3:a:fasterxml:jackson-databind:2.12.7.1:*:*:*:*:*:*:*, cpe:2.3:a:fasterxml:jackson-modules-java8:2.12.7.1:*:*:*:*:*:*:*) : CVE-2023-35116
janino-3.1.4.jar (pkg:maven/org.codehaus.janino/janino at 3.1.4, cpe:2.3:a:janino_project:janino:3.1.4:*:*:*:*:*:*:*) : CVE-2023-33546
je-5.0.103.jar (pkg:maven/com.sleepycat/je at 5.0.103, cpe:2.3:a:oracle:berkeley_db:5.0.103:*:*:*:*:*:*:*) : CVE-2017-3604, CVE-2017-3605, CVE-2017-3606, CVE-2017-3607, CVE-2017-3608, CVE-2017-3609, CVE-2017-3610, CVE-2017-3611, CVE-2017-3612, CVE-2017-3613, CVE-2017-3614, CVE-2017-3615, CVE-2017-3616, CVE-2017-3617, CVE-2020-2981, CVE-2019-2708
mina-core-2.1.3.jar (pkg:maven/org.apache.mina/mina-core at 2.1.3, cpe:2.3:a:apache:mina:2.1.3:*:*:*:*:*:*:*) : CVE-2021-41973, CVE-2023-35887
netty-transport-4.1.92.Final.jar (pkg:maven/io.netty/netty-transport at 4.1.92.Final, cpe:2.3:a:netty:netty:4.1.92:*:*:*:*:*:*:*) : CVE-2023-4586, CVE-2023-34462
okhttp-3.14.9.jar (pkg:maven/com.squareup.okhttp3/okhttp at 3.14.9, cpe:2.3:a:squareup:okhttp:3.14.9:*:*:*:*:*:*:*, cpe:2.3:a:squareup:okhttp3:3.14.9:*:*:*:*:*:*:*) : CVE-2021-0341, CVE-2023-0833
okio-1.17.2.jar (pkg:maven/com.squareup.okio/okio at 1.17.2, cpe:2.3:a:squareup:okio:1.17.2:*:*:*:*:*:*:*) : CVE-2023-3635
snakeyaml-1.28.jar (pkg:maven/org.yaml/snakeyaml at 1.28, cpe:2.3:a:snakeyaml_project:snakeyaml:1.28:*:*:*:*:*:*:*) : CVE-2022-25857, CVE-2022-38749, CVE-2022-38751, CVE-2022-38752, CVE-2022-41854, CVE-2022-38750
spring-security-crypto-5.6.12.jar (pkg:maven/org.springframework.security/spring-security-crypto at 5.6.12, cpe:2.3:a:pivotal_software:spring_security:5.6.12:*:*:*:*:*:*:*, cpe:2.3:a:spring:spring:5.6.12:*:*:*:*:*:*:*, cpe:2.3:a:vmware:spring:5.6.12:*:*:*:*:*:*:*, cpe:2.3:a:vmware:spring_security:5.6.12:*:*:*:*:*:*:*) : CVE-2020-5408
spring-security-web-5.6.12.jar (pkg:maven/org.springframework.security/spring-security-web at 5.6.12, cpe:2.3:a:pivotal_software:spring_security:5.6.12:*:*:*:*:*:*:*, cpe:2.3:a:spring:spring:5.6.12:*:*:*:*:*:*:*, cpe:2.3:a:vmware:spring_security:5.6.12:*:*:*:*:*:*:*, cpe:2.3:a:web_project:web:5.6.12:*:*:*:*:*:*:*) : CVE-2023-20862
spring-web-5.3.27.jar (pkg:maven/org.springframework/spring-web at 5.3.27, cpe:2.3:a:pivotal_software:spring_framework:5.3.27:*:*:*:*:*:*:*, cpe:2.3:a:spring:spring:5.3.27:*:*:*:*:*:*:*, cpe:2.3:a:springsource:spring_framework:5.3.27:*:*:*:*:*:*:*, cpe:2.3:a:vmware:spring:5.3.27:*:*:*:*:*:*:*, cpe:2.3:a:vmware:spring_framework:5.3.27:*:*:*:*:*:*:*, cpe:2.3:a:web_project:web:5.3.27:*:*:*:*:*:*:*) : CVE-2016-1000027
testng-7.4.0.jar (pkg:maven/org.testng/testng at 7.4.0, cpe:2.3:a:testng_project:testng:7.4.0:*:*:*:*:*:*:*) : CVE-2022-4065
tomcat-embed-core-9.0.75.jar (pkg:maven/org.apache.tomcat.embed/tomcat-embed-core at 9.0.75, cpe:2.3:a:apache:tomcat:9.0.75:*:*:*:*:*:*:*, cpe:2.3:a:apache_tomcat:apache_tomcat:9.0.75:*:*:*:*:*:*:*) : CVE-2023-42794, CVE-2023-41080, CVE-2023-42795, CVE-2023-45648
wicket-core-9.13.0.jar: jquery-1.12.4.js (pkg:javascript/jquery at 1.12.4) : CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, CVE-2020-23064, jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates
wicket-core-9.13.0.jar: jquery-1.12.4.min.js (pkg:javascript/jquery at 1.12.4.min) : CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, CVE-2020-23064, jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates
wicket-core-9.13.0.jar: jquery-2.2.4.js (pkg:javascript/jquery at 2.2.4) : CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, CVE-2020-23064, jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates
wicket-core-9.13.0.jar: jquery-2.2.4.min.js (pkg:javascript/jquery at 2.2.4.min) : CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, CVE-2020-23064, jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates
wicket-datetime-8.0.0-M7.jar (pkg:maven/org.apache.wicket/wicket-datetime at 8.0.0-M7, cpe:2.3:a:apache:wicket:8.0.0:m7:*:*:*:*:*:*) : CVE-2020-11976
wicket-datetime-8.0.0-M7.jar: calendar-min.js (pkg:javascript/YUI at 2.9.0) : CVE-2012-5881, CVE-2012-5882, CVE-2012-5883
wicket-datetime-8.0.0-M7.jar: calendar.js (pkg:javascript/YUI at 2.9.0) : CVE-2012-5881, CVE-2012-5882, CVE-2012-5883
wicket-datetime-8.0.0-M7.jar: dom-min.js (pkg:javascript/YUI at 2.9.0) : CVE-2012-5881, CVE-2012-5882, CVE-2012-5883
wicket-datetime-8.0.0-M7.jar: dom.js (pkg:javascript/YUI at 2.9.0) : CVE-2012-5881, CVE-2012-5882, CVE-2012-5883
wicket-datetime-8.0.0-M7.jar: event-min.js (pkg:javascript/YUI at 2.9.0) : CVE-2012-5881, CVE-2012-5882, CVE-2012-5883
wicket-datetime-8.0.0-M7.jar: event.js (pkg:javascript/YUI at 2.9.0) : CVE-2012-5881, CVE-2012-5882, CVE-2012-5883
wicket-datetime-8.0.0-M7.jar: yahoo-dom-event.js (pkg:javascript/YUI at 2.9.0) : CVE-2012-5881, CVE-2012-5882, CVE-2012-5883
wicket-datetime-8.0.0-M7.jar: yahoo-min.js (pkg:javascript/YUI at 2.9.0) : CVE-2012-5881, CVE-2012-5882, CVE-2012-5883
wicket-datetime-8.0.0-M7.jar: yahoo.js (pkg:javascript/YUI at 2.9.0) : CVE-2012-5881, CVE-2012-5882, CVE-2012-5883
wicket-datetime-8.0.0-M7.jar: yuiloader-min.js (pkg:javascript/YUI at 2.9.0) : CVE-2012-5881, CVE-2012-5882, CVE-2012-5883
wicket-datetime-8.0.0-M7.jar: yuiloader.js (pkg:javascript/YUI at 2.9.0) : CVE-2012-5881, CVE-2012-5882, CVE-2012-5883
xercesImpl-2.12.2.jar (pkg:maven/xerces/xercesImpl at 2.12.2, cpe:2.3:a:apache:xerces-j:2.12.2:*:*:*:*:*:*:*, cpe:2.3:a:apache:xerces2_java:2.12.2:*:*:*:*:*:*:*) : CVE-2017-10355


See the dependency-check report for more details.


[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for midPoint Project 4.4.7-SNAPSHOT:
[INFO] 
[INFO] midPoint Project ................................... FAILURE [06:50 min]
[INFO] midPoint Infrastructure ............................ SKIPPED
[INFO] midPoint Infrastructure - schema ................... SKIPPED
[INFO] midPoint Repository ................................ SKIPPED
[INFO] midPoint Repository - api .......................... SKIPPED
[INFO] midPoint Task Manager - api ........................ SKIPPED
[INFO] midPoint Infrastructure - testing utils (lvl 2) .... SKIPPED
[INFO] midPoint Infrastructure - common ................... SKIPPED
[INFO] midPoint Audit - api ............................... SKIPPED
[INFO] midPoint Security - api ............................ SKIPPED
[INFO] midPoint Repository - SQL common support ........... SKIPPED
[INFO] midPoint Repository - sql repository ............... SKIPPED
[INFO] midPoint System Initialization ..................... SKIPPED
[INFO] midPoint Repository - new SQL repository ........... SKIPPED
[INFO] midPoint Repository - sql repository test .......... SKIPPED
[INFO] midPoint Repository Cache .......................... SKIPPED
[INFO] midPoint Icf Connectors ............................ SKIPPED
[INFO] Dummy Resource ..................................... SKIPPED
[INFO] midPoint Repository - test utils ................... SKIPPED
[INFO] midPoint Audit - logging impl ...................... SKIPPED
[INFO] midPoint Security Enforcer - api ................... SKIPPED
[INFO] midPoint Model ..................................... SKIPPED
[INFO] midPoint Model - api ............................... SKIPPED
[INFO] midPoint Security - impl ........................... SKIPPED
[INFO] midPoint Task Manager - Quartz impl ................ SKIPPED
[INFO] midPoint Tools ..................................... SKIPPED
[INFO] midPoint Tools - Ninja ............................. SKIPPED
[INFO] midPoint Tools - custom Spring Boot WAR/JAR layout . SKIPPED
[INFO] midPoint Infrastructure - pure JAXB schema ......... SKIPPED
[INFO] midPoint Repo Commons .............................. SKIPPED
[INFO] midPoint Security Enforcer - impl .................. SKIPPED
[INFO] midPoint Provisioning .............................. SKIPPED
[INFO] midPoint Provisioning - api ........................ SKIPPED
[INFO] Unified Connector Framework - api .................. SKIPPED
[INFO] Dummy Connector .................................... SKIPPED
[INFO] Unified Connector Framework - ConnId impl .......... SKIPPED
[INFO] Unified Connector Framework - Built-in impl ........ SKIPPED
[INFO] midPoint Provisioning - impl ....................... SKIPPED
[INFO] midPoint Model - common ............................ SKIPPED
[INFO] midPoint Notifications - api ....................... SKIPPED
[INFO] Dummy Connector Fake ............................... SKIPPED
[INFO] midPoint Model - test .............................. SKIPPED
[INFO] midPoint Report - api .............................. SKIPPED
[INFO] midPoint Workflow - api ............................ SKIPPED
[INFO] midPoint Access Certification - api ................ SKIPPED
[INFO] midPoint Model - impl .............................. SKIPPED
[INFO] midPoint Notifications - impl ...................... SKIPPED
[INFO] midPoint Model - integration tests ................. SKIPPED
[INFO] midPoint Report - impl ............................. SKIPPED
[INFO] midPoint Workflow - impl ........................... SKIPPED
[INFO] midPoint Access Certification - impl ............... SKIPPED
[INFO] midPoint REST-ish service implementation ........... SKIPPED
[INFO] midPoint Customizations ............................ SKIPPED
[INFO] midPoint User Interface ............................ SKIPPED
[INFO] midPoint User Interface - admin web gui ............ SKIPPED
[INFO] midPoint Testing Infrastructure .................... SKIPPED
[INFO] midPoint Testing - Resource Connection Tests ....... SKIPPED
[INFO] midPoint Testing - Long Tests ...................... SKIPPED
[INFO] midPoint Testing - Story Tests ..................... SKIPPED
[INFO] midPoint Testing - REST API ........................ SKIPPED
[INFO] midPoint Distribution .............................. SKIPPED
[INFO] midPoint API Distribution .......................... SKIPPED
[INFO] midPoint JavaDoc ................................... SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  06:53 min
[INFO] Finished at: 2023-10-17T13:11:48Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:8.2.1:aggregate (default-cli) on project midpoint: One or more exceptions occurred during dependency-check analysis: One or more exceptions occurred during analysis:
[ERROR] 	InitializationException: Unable to read yarn audit output.
[ERROR] 		caused by IOException: Cannot run program "yarn": error=2, No such file or directory
[ERROR] 		caused by IOException: error=2, No such file or directory
[ERROR] -> [Help 1]
[ERROR] 
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR] 
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
[Pipeline] }
[Pipeline] // container
[Pipeline] }
[Pipeline] // stage
[Pipeline] error
[Pipeline] step


More information about the midPoint-ci mailing list