SECURITY-3153 / CVE-2023-40347 - Request Access

[Stephan Watermeyer]

Hey, need some support to fix the security issue: SECURITY-3153 / CVE-2023-40347

I am the developer of the plugin "maven-artifact-choicelistprovider" and need some details on that bug. I can login to JIRA with my user "phreakadelle" but i dont see any assigned issue to me in the SECURITY project. I've checked the permissions and emails between GitHub and JIRA, but its all set up correctly.

Would be great if someone could help me to SEE the issue in JIRA and i hope that one contains the information i need to fix the issue.

Thanks for your support

[Alexander Brandes]

Hey Stephan,

In case you cannot access SECURITY-3153 [1], I recommend to contact [2] the Jenkins security team and ask for an assignment of “phreakadelle” to SECURITY-3153.

Given your username is listed as maintainer in the repository permission updater [3], you are an eligible to be added to the issue.

Best regards,

Alex

[1] https://issues.jenkins.io/projects/SECURITY/issues/SECURITY-3153 

[2] https://www.jenkins.io/security/cna/#contact 

[3] https://github.com/jenkins-infra/repository-permissions-updater/blob/master/permissions/plugin-maven-artifact-choicelistprovider.yml 

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-de...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/bc4a7a51-bfa3-4eaa-bee3-84e28247897an%40googlegroups.com.

[Stephan Watermeyer]

Yeah i've tried to engage the Security Team but couldnt figure out HOW to do it. Therefore i've asked the question here. In the meanwhile the issue has been assigned to me and i can get the details. Thanks