[midPoint-ci] Build failed in Jenkins: midPoint - support 4.4 - security checks #242

Jenkins noreply at evolveum.com
Wed Jun 12 05:32:29 CEST 2024 

See <https://jenkins.evolveum.com/job/midpoint-support-4.4-security/242/display/redirect>

Changes:


------------------------------------------
[...truncated 43625 lines...]
AdminLTE-2.4.18.jar: datepicker-bs.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-ca.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-cs.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-cy-GB.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-da.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-de.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-el.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-en-AU.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-en-GB.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-en-NZ.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-eo.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-es.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-et.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-eu.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-fa.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-fi.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-fo.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-fr-CA.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-fr-CH.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-fr.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-gl.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-he.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-hi.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-hr.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-hu.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-hy.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-id.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-is.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-it-CH.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-it.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-ja.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-ka.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-kk.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-km.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-ko.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-ky.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-lb.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-lt.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-lv.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-mk.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-ml.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-ms.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-nb.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-nl-BE.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-nl.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-nn.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-no.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-pl.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-pt-BR.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-pt.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-rm.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-ro.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-ru.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-sk.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-sl.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-sq.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-sr-SR.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-sr.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-sv.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-ta.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-th.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-tj.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-tr.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-uk.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-vi.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-zh-CN.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-zh-HK.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: datepicker-zh-TW.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: disable-selection.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: effect.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: escape-selector.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: focusable.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: form-reset-mixin.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: form.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: ie.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: jquery-1-7.js (pkg:javascript/jquery at 1-7) : CVE-2012-6708, CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, CVE-2020-7656, jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates
AdminLTE-2.4.18.jar: jquery-1-7.js (pkg:javascript/jquery at 1-7) : CVE-2012-6708, CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, CVE-2020-7656, jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates
AdminLTE-2.4.18.jar: jquery-1.7.1.min.js (pkg:javascript/jquery at 1.7.1.min) : CVE-2012-6708, CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, CVE-2020-7656, jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates
AdminLTE-2.4.18.jar: jquery-1.7.2.js (pkg:javascript/jquery at 1.7.2) : CVE-2012-6708, CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, CVE-2020-7656, jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates
AdminLTE-2.4.18.jar: jquery-1.8.2.js (pkg:javascript/jquery at 1.8.2) : CVE-2012-6708, CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, CVE-2020-7656, jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates
AdminLTE-2.4.18.jar: jquery-ui.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: jquery-ui.js (pkg:javascript/jquery-ui-dialog at 1.11.4, pkg:javascript/jquery-ui at 1.11.4) : CVE-2016-7103, CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: jquery-ui.min.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: jquery-ui.min.js (pkg:javascript/jquery-ui-dialog at 1.11.4, pkg:javascript/jquery-ui at 1.11.4) : CVE-2016-7103, CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: jquery.dataTables.js (pkg:javascript/jquery.datatables at 1.10.19) : CVE-2020-28458, CVE-2021-23445, prototype pollution, possible XSS
AdminLTE-2.4.18.jar: jquery.dataTables.min.js (pkg:javascript/jquery.datatables at 1.10.19) : CVE-2020-28458, CVE-2021-23445, prototype pollution, possible XSS
AdminLTE-2.4.18.jar: jquery.js (pkg:javascript/jquery at 1.8.3) : CVE-2012-6708, CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, CVE-2020-7656, jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates
AdminLTE-2.4.18.jar: jquery.js (pkg:javascript/jquery at 3.4.1) : CVE-2020-11022
AdminLTE-2.4.18.jar: jquery.min.js (pkg:javascript/jquery at 3.4.1) : CVE-2020-11022
AdminLTE-2.4.18.jar: jquery.min.js (pkg:javascript/jquery at 2.1.1) : CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates
AdminLTE-2.4.18.jar: jquery.slim.js (pkg:javascript/jquery at 3.4.1) : CVE-2020-11022
AdminLTE-2.4.18.jar: jquery.slim.min.js (pkg:javascript/jquery at 3.4.1) : CVE-2020-11022
AdminLTE-2.4.18.jar: keycode.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: labels.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: moment-with-locales.min.js (pkg:javascript/moment.js at 2.24.0) : CVE-2023-22467
AdminLTE-2.4.18.jar: moment.js (pkg:javascript/moment.js at 2.24.0) : CVE-2023-22467
AdminLTE-2.4.18.jar: moment.min.js (pkg:javascript/moment.js at 2.24.0) : CVE-2023-22467
AdminLTE-2.4.18.jar: plugin.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: position.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: safe-active-element.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: safe-blur.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: scroll-parent.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: tabbable.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: unique-id.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: version.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
AdminLTE-2.4.18.jar: widget.js (pkg:javascript/jquery-ui at 1.12.1) : CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160
amqp-client-5.12.0.jar (pkg:maven/com.rabbitmq/amqp-client at 5.12.0, cpe:2.3:a:vmware:rabbitmq:5.12.0:*:*:*:*:*:*:*, cpe:2.3:a:vmware:rabbitmq_java_client:5.12.0:*:*:*:*:*:*:*) : CVE-2023-46120
bcel-6.3.1.jar (pkg:maven/org.apache.bcel/bcel at 6.3.1, cpe:2.3:a:apache:commons_bcel:6.3.1:*:*:*:*:*:*:*) : CVE-2022-42920
bcpkix-jdk15on-1.69.jar (pkg:maven/org.bouncycastle/bcpkix-jdk15on at 1.69, cpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.69:*:*:*:*:*:*:*, cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.69:*:*:*:*:*:*:*) : CVE-2023-33202
bcprov-jdk15on-1.69.jar (pkg:maven/org.bouncycastle/bcprov-jdk15on at 1.69, cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.69:*:*:*:*:*:*:*, cpe:2.3:a:bouncycastle:bouncy_castle_crypto_package:1.69:*:*:*:*:*:*:*, cpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.69:*:*:*:*:*:*:*, cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.69:*:*:*:*:*:*:*, cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.69:*:*:*:*:*:*:*, cpe:2.3:a:bouncycastle:the_bouncy_castle_crypto_package_for_java:1.69:*:*:*:*:*:*:*) : CVE-2023-33202
bcutil-jdk15on-1.69.jar (pkg:maven/org.bouncycastle/bcutil-jdk15on at 1.69, cpe:2.3:a:bouncycastle:bouncy_castle_for_java:1.69:*:*:*:*:*:*:*, cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.69:*:*:*:*:*:*:*) : CVE-2023-33202
chartjs-2.9.4.jar: Chart.bundle.min.js (pkg:javascript/moment.js at 2.24.0) : CVE-2023-22467
commons-compiler-3.1.9.jar (pkg:maven/org.codehaus.janino/commons-compiler at 3.1.9, cpe:2.3:a:janino_project:janino:3.1.9:*:*:*:*:*:*:*) : CVE-2023-33546
commons-compress-1.21.jar (pkg:maven/org.apache.commons/commons-compress at 1.21, cpe:2.3:a:apache:commons_compress:1.21:*:*:*:*:*:*:*) : CVE-2024-25710, CVE-2024-26308
derby-10.15.2.0.jar (pkg:maven/org.apache.derby/derby at 10.15.2.0, cpe:2.3:a:apache:derby:10.15.2.0:*:*:*:*:*:*:*) : CVE-2022-46337
derbyclient-10.15.2.0.jar (pkg:maven/org.apache.derby/derbyclient at 10.15.2.0, cpe:2.3:a:apache:derby:10.15.2.0:*:*:*:*:*:*:*) : CVE-2022-46337
derbynet-10.15.2.0.jar (pkg:maven/org.apache.derby/derbynet at 10.15.2.0, cpe:2.3:a:apache:derby:10.15.2.0:*:*:*:*:*:*:*) : CVE-2022-46337
derbyshared-10.15.2.0.jar (pkg:maven/org.apache.derby/derbyshared at 10.15.2.0, cpe:2.3:a:apache:derby:10.15.2.0:*:*:*:*:*:*:*) : CVE-2022-46337
derbytools-10.15.2.0.jar (pkg:maven/org.apache.derby/derbytools at 10.15.2.0, cpe:2.3:a:apache:derby:10.15.2.0:*:*:*:*:*:*:*) : CVE-2022-46337
jackson-databind-2.12.7.1.jar (pkg:maven/com.fasterxml.jackson.core/jackson-databind at 2.12.7.1, cpe:2.3:a:fasterxml:jackson-databind:2.12.7.1:*:*:*:*:*:*:*, cpe:2.3:a:fasterxml:jackson-modules-java8:2.12.7.1:*:*:*:*:*:*:*) : CVE-2023-35116
janino-3.1.4.jar (pkg:maven/org.codehaus.janino/janino at 3.1.4, cpe:2.3:a:janino_project:janino:3.1.4:*:*:*:*:*:*:*) : CVE-2023-33546
je-5.0.103.jar (pkg:maven/com.sleepycat/je at 5.0.103, cpe:2.3:a:oracle:berkeley_db:5.0.103:*:*:*:*:*:*:*) : CVE-2017-3604, CVE-2017-3605, CVE-2017-3606, CVE-2017-3607, CVE-2017-3608, CVE-2017-3609, CVE-2017-3610, CVE-2017-3611, CVE-2017-3612, CVE-2017-3613, CVE-2017-3614, CVE-2017-3615, CVE-2017-3616, CVE-2017-3617, CVE-2020-2981, CVE-2019-2708
jetty-io-11.0.16.jar (pkg:maven/org.eclipse.jetty/jetty-io at 11.0.16, cpe:2.3:a:eclipse:jetty:11.0.16:*:*:*:*:*:*:*, cpe:2.3:a:jetty:jetty:11.0.16:*:*:*:*:*:*:*, cpe:2.3:a:mortbay_jetty:jetty:11.0.16:*:*:*:*:*:*:*) : CVE-2023-44487
jetty-server-11.0.16.jar (pkg:maven/org.eclipse.jetty/jetty-server at 11.0.16, cpe:2.3:a:eclipse:jetty:11.0.16:*:*:*:*:*:*:*, cpe:2.3:a:jetty:jetty:11.0.16:*:*:*:*:*:*:*, cpe:2.3:a:jetty:jetty_http_server:11.0.16:*:*:*:*:*:*:*, cpe:2.3:a:mortbay_jetty:jetty:11.0.16:*:*:*:*:*:*:*) : CVE-2023-44487
logback-core-1.2.12.jar (pkg:maven/ch.qos.logback/logback-core at 1.2.12, cpe:2.3:a:qos:logback:1.2.12:*:*:*:*:*:*:*) : CVE-2023-6378, CVE-2023-6481
mina-core-2.1.3.jar (pkg:maven/org.apache.mina/mina-core at 2.1.3, cpe:2.3:a:apache:mina:2.1.3:*:*:*:*:*:*:*) : CVE-2021-41973
mysql-connector-j-8.0.33.jar (pkg:maven/com.mysql/mysql-connector-j at 8.0.33, cpe:2.3:a:mysql:mysql:8.0.33:*:*:*:*:*:*:*, cpe:2.3:a:oracle:mysql_connector\/j:8.0.33:*:*:*:*:*:*:*) : CVE-2023-22102
netty-transport-4.1.92.Final.jar (pkg:maven/io.netty/netty-transport at 4.1.92.Final, cpe:2.3:a:netty:netty:4.1.92:*:*:*:*:*:*:*) : CVE-2023-44487
okhttp-3.14.9.jar (pkg:maven/com.squareup.okhttp3/okhttp at 3.14.9, cpe:2.3:a:squareup:okhttp:3.14.9:*:*:*:*:*:*:*, cpe:2.3:a:squareup:okhttp3:3.14.9:*:*:*:*:*:*:*) : CVE-2023-0833
postgresql-42.2.27.jar (pkg:maven/org.postgresql/postgresql at 42.2.27, cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.27:*:*:*:*:*:*:*) : CVE-2024-1597
snakeyaml-1.28.jar (pkg:maven/org.yaml/snakeyaml at 1.28, cpe:2.3:a:snakeyaml_project:snakeyaml:1.28:*:*:*:*:*:*:*) : CVE-2022-25857, CVE-2022-38749, CVE-2022-38751, CVE-2022-38752, CVE-2022-41854, CVE-2022-38750
spring-amqp-2.3.16.jar (pkg:maven/org.springframework.amqp/spring-amqp at 2.3.16, cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:2.3.16:*:*:*:*:*:*:*, cpe:2.3:a:vmware:spring_advanced_message_queuing_protocol:2.3.16:*:*:*:*:*:*:*) : CVE-2023-34050
tomcat-embed-core-9.0.75.jar (pkg:maven/org.apache.tomcat.embed/tomcat-embed-core at 9.0.75, cpe:2.3:a:apache:tomcat:9.0.75:*:*:*:*:*:*:*, cpe:2.3:a:apache_tomcat:apache_tomcat:9.0.75:*:*:*:*:*:*:*) : CVE-2023-44487, CVE-2023-46589, CVE-2023-42794, CVE-2023-42795, CVE-2023-45648
wicket-core-9.13.0.jar: jquery-1.12.4.js (pkg:javascript/jquery at 1.12.4) : CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates
wicket-core-9.13.0.jar: jquery-1.12.4.min.js (pkg:javascript/jquery at 1.12.4.min) : CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates
wicket-core-9.13.0.jar: jquery-2.2.4.js (pkg:javascript/jquery at 2.2.4) : CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates
wicket-core-9.13.0.jar: jquery-2.2.4.min.js (pkg:javascript/jquery at 2.2.4.min) : CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates
wicket-datetime-8.0.0-M7.jar (pkg:maven/org.apache.wicket/wicket-datetime at 8.0.0-M7, cpe:2.3:a:apache:wicket:8.0.0:m7:*:*:*:*:*:*) : CVE-2020-11976
wicket-datetime-8.0.0-M7.jar: calendar-min.js (pkg:javascript/YUI at 2.9.0) : CVE-2012-5881, CVE-2012-5882, CVE-2012-5883
wicket-datetime-8.0.0-M7.jar: calendar.js (pkg:javascript/YUI at 2.9.0) : CVE-2012-5881, CVE-2012-5882, CVE-2012-5883
wicket-datetime-8.0.0-M7.jar: dom-min.js (pkg:javascript/YUI at 2.9.0) : CVE-2012-5881, CVE-2012-5882, CVE-2012-5883
wicket-datetime-8.0.0-M7.jar: dom.js (pkg:javascript/YUI at 2.9.0) : CVE-2012-5881, CVE-2012-5882, CVE-2012-5883
wicket-datetime-8.0.0-M7.jar: event-min.js (pkg:javascript/YUI at 2.9.0) : CVE-2012-5881, CVE-2012-5882, CVE-2012-5883
wicket-datetime-8.0.0-M7.jar: event.js (pkg:javascript/YUI at 2.9.0) : CVE-2012-5881, CVE-2012-5882, CVE-2012-5883
wicket-datetime-8.0.0-M7.jar: yahoo-dom-event.js (pkg:javascript/YUI at 2.9.0) : CVE-2012-5881, CVE-2012-5882, CVE-2012-5883
wicket-datetime-8.0.0-M7.jar: yahoo-min.js (pkg:javascript/YUI at 2.9.0) : CVE-2012-5881, CVE-2012-5882, CVE-2012-5883
wicket-datetime-8.0.0-M7.jar: yahoo.js (pkg:javascript/YUI at 2.9.0) : CVE-2012-5881, CVE-2012-5882, CVE-2012-5883
wicket-datetime-8.0.0-M7.jar: yuiloader-min.js (pkg:javascript/YUI at 2.9.0) : CVE-2012-5881, CVE-2012-5882, CVE-2012-5883
wicket-datetime-8.0.0-M7.jar: yuiloader.js (pkg:javascript/YUI at 2.9.0) : CVE-2012-5881, CVE-2012-5882, CVE-2012-5883
xmlsec-2.2.5.jar (pkg:maven/org.apache.santuario/xmlsec at 2.2.5, cpe:2.3:a:apache:santuario_xml_security_for_java:2.2.5:*:*:*:*:*:*:*, cpe:2.3:a:apache:xml_security_for_java:2.2.5:*:*:*:*:*:*:*) : CVE-2023-44483


See the dependency-check report for more details.


[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for midPoint Project 4.4.9-SNAPSHOT:
[INFO] 
[INFO] midPoint Project ................................... FAILURE [06:54 min]
[INFO] midPoint Infrastructure ............................ SKIPPED
[INFO] midPoint Infrastructure - schema ................... SKIPPED
[INFO] midPoint Repository ................................ SKIPPED
[INFO] midPoint Repository - api .......................... SKIPPED
[INFO] midPoint Task Manager - api ........................ SKIPPED
[INFO] midPoint Infrastructure - testing utils (lvl 2) .... SKIPPED
[INFO] midPoint Infrastructure - common ................... SKIPPED
[INFO] midPoint Audit - api ............................... SKIPPED
[INFO] midPoint Security - api ............................ SKIPPED
[INFO] midPoint Repository - SQL common support ........... SKIPPED
[INFO] midPoint Repository - sql repository ............... SKIPPED
[INFO] midPoint System Initialization ..................... SKIPPED
[INFO] midPoint Repository - new SQL repository ........... SKIPPED
[INFO] midPoint Repository - sql repository test .......... SKIPPED
[INFO] midPoint Repository Cache .......................... SKIPPED
[INFO] midPoint Icf Connectors ............................ SKIPPED
[INFO] Dummy Resource ..................................... SKIPPED
[INFO] midPoint Repository - test utils ................... SKIPPED
[INFO] midPoint Audit - logging impl ...................... SKIPPED
[INFO] midPoint Security Enforcer - api ................... SKIPPED
[INFO] midPoint Model ..................................... SKIPPED
[INFO] midPoint Model - api ............................... SKIPPED
[INFO] midPoint Security - impl ........................... SKIPPED
[INFO] midPoint Task Manager - Quartz impl ................ SKIPPED
[INFO] midPoint Tools ..................................... SKIPPED
[INFO] midPoint Tools - Ninja ............................. SKIPPED
[INFO] midPoint Tools - custom Spring Boot WAR/JAR layout . SKIPPED
[INFO] midPoint Infrastructure - pure JAXB schema ......... SKIPPED
[INFO] midPoint Repo Commons .............................. SKIPPED
[INFO] midPoint Security Enforcer - impl .................. SKIPPED
[INFO] midPoint Provisioning .............................. SKIPPED
[INFO] midPoint Provisioning - api ........................ SKIPPED
[INFO] Unified Connector Framework - api .................. SKIPPED
[INFO] Dummy Connector .................................... SKIPPED
[INFO] Unified Connector Framework - ConnId impl .......... SKIPPED
[INFO] Unified Connector Framework - Built-in impl ........ SKIPPED
[INFO] midPoint Provisioning - impl ....................... SKIPPED
[INFO] midPoint Model - common ............................ SKIPPED
[INFO] midPoint Notifications - api ....................... SKIPPED
[INFO] Dummy Connector Fake ............................... SKIPPED
[INFO] midPoint Model - test .............................. SKIPPED
[INFO] midPoint Report - api .............................. SKIPPED
[INFO] midPoint Workflow - api ............................ SKIPPED
[INFO] midPoint Access Certification - api ................ SKIPPED
[INFO] midPoint Model - impl .............................. SKIPPED
[INFO] midPoint Notifications - impl ...................... SKIPPED
[INFO] midPoint Model - integration tests ................. SKIPPED
[INFO] midPoint Report - impl ............................. SKIPPED
[INFO] midPoint Workflow - impl ........................... SKIPPED
[INFO] midPoint Access Certification - impl ............... SKIPPED
[INFO] midPoint REST-ish service implementation ........... SKIPPED
[INFO] midPoint Customizations ............................ SKIPPED
[INFO] midPoint User Interface ............................ SKIPPED
[INFO] midPoint User Interface - admin web gui ............ SKIPPED
[INFO] midPoint Testing Infrastructure .................... SKIPPED
[INFO] midPoint Testing - Resource Connection Tests ....... SKIPPED
[INFO] midPoint Testing - Long Tests ...................... SKIPPED
[INFO] midPoint Testing - Story Tests ..................... SKIPPED
[INFO] midPoint Testing - REST API ........................ SKIPPED
[INFO] midPoint Distribution .............................. SKIPPED
[INFO] midPoint API Distribution .......................... SKIPPED
[INFO] midPoint JavaDoc ................................... SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  06:58 min
[INFO] Finished at: 2024-06-12T03:32:29Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:8.2.1:aggregate (default-cli) on project midpoint: One or more exceptions occurred during dependency-check analysis: One or more exceptions occurred during analysis:
[ERROR] 	AnalysisException: Failed to request component-reports
[ERROR] 		caused by TransportException: Unexpected response; status: 500
[ERROR] 	AnalysisException: Failed to request component-reports
[ERROR] 		caused by TransportException: Unexpected response; status: 500
[ERROR] 	AnalysisException: Failed to request component-reports
[ERROR] 		caused by TransportException: Unexpected response; status: 500
[ERROR] 	AnalysisException: Failed to request component-reports
[ERROR] 		caused by TransportException: Unexpected response; status: 500
[ERROR] -> [Help 1]
[ERROR] 
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR] 
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
[Pipeline] }
[Pipeline] // container
[Pipeline] }
[Pipeline] // stage
[Pipeline] error
[Pipeline] step

More information about the midPoint-ci mailing list