android-signing plugin CVE re-check
9 views
Skip to first unread message
Michael Nazzareno Trimarchi
Dec 26, 2025, 5:34:56 PM (yesterday) Dec 26
to jenkin...@googlegroups.com
Hi
https://plugins.jenkins.io/android-signing/
The Missing permission check allows listing workspace contents
should be fixed by
commit 33162c65c9f52ca5fa85609bdb652a5d1feda95b
Author: Sandeep <sandy...@gmail.com>
Date: Fri Feb 10 01:39:13 2023 +0530
Fix SECURITY-2404 / CVE-2022-36915
Can we update the relative page? if this is ok
https://github.com/jenkinsci/android-signing-plugin/commit/33162c65c9f52ca5fa85609bdb652a5d1feda95b
Michael
--
Michael Nazzareno Trimarchi
Co-Founder & Chief Executive Officer
M. +39 347 913 2170
mic...@amarulasolutions.com
__________________________________
Amarula Solutions BV
Joop Geesinkweg 125, 1114 AB, Amsterdam, NL
T. +31 (0)85 111 9172
in...@amarulasolutions.com
www.amarulasolutions.com
https://plugins.jenkins.io/android-signing/
The Missing permission check allows listing workspace contents
should be fixed by
commit 33162c65c9f52ca5fa85609bdb652a5d1feda95b
Author: Sandeep <sandy...@gmail.com>
Date: Fri Feb 10 01:39:13 2023 +0530
Fix SECURITY-2404 / CVE-2022-36915
Can we update the relative page? if this is ok
https://github.com/jenkinsci/android-signing-plugin/commit/33162c65c9f52ca5fa85609bdb652a5d1feda95b
Michael
--
Michael Nazzareno Trimarchi
Co-Founder & Chief Executive Officer
M. +39 347 913 2170
mic...@amarulasolutions.com
__________________________________
Amarula Solutions BV
Joop Geesinkweg 125, 1114 AB, Amsterdam, NL
T. +31 (0)85 111 9172
in...@amarulasolutions.com
www.amarulasolutions.com
Mark Waite
Dec 26, 2025, 7:31:26 PM (yesterday) Dec 26
to jenkin...@googlegroups.com
On Fri, Dec 26, 2025 at 3:34 PM Michael Nazzareno Trimarchi wrote:
Hi
https://plugins.jenkins.io/android-signing/
The Missing permission check allows listing workspace contents
should be fixed by
commit 33162c65c9f52ca5fa85609bdb652a5d1feda95b
Author: Sandeep <sandy...@gmail.com>
Date: Fri Feb 10 01:39:13 2023 +0530
Fix SECURITY-2404 / CVE-2022-36915
Can we update the relative page? if this is ok
https://github.com/jenkinsci/android-signing-plugin/commit/33162c65c9f52ca5fa85609bdb652a5d1feda95b
I believe that the process is to submit a pull request to the Update Center repository that proposes to show the issue is resolved. The security team will review the fix and review the proposed pull request and then merges the pull request when they agree that the issue is resolved.
https://github.com/jenkins-infra/update-center2/pull/896 is an example you can reference.
Mark Waite
Michael
--
Michael Nazzareno Trimarchi
Co-Founder & Chief Executive Officer
M. +39 347 913 2170
mic...@amarulasolutions.com
__________________________________
Amarula Solutions BV
Joop Geesinkweg 125, 1114 AB, Amsterdam, NL
T. +31 (0)85 111 9172
in...@amarulasolutions.com
www.amarulasolutions.com
--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-de...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/jenkinsci-dev/CAOf5uwkmp3%3D3cCTiVb22ZRUy531mztP9_6T4d8KistnJVUeGZA%40mail.gmail.com.
Michael Nazzareno Trimarchi
5:20 AM (17 hours ago) 5:20 AM
to jenkin...@googlegroups.com
Hi Mark
On Sat, Dec 27, 2025 at 1:31 AM Mark Waite <mark.ea...@gmail.com> wrote:
>
>
> On Fri, Dec 26, 2025 at 3:34 PM Michael Nazzareno Trimarchi wrote:
>>
>> Hi
>>
>> https://plugins.jenkins.io/android-signing/
>>
>> The Missing permission check allows listing workspace contents
>> should be fixed by
>>
>> commit 33162c65c9f52ca5fa85609bdb652a5d1feda95b
>> Author: Sandeep <sandy...@gmail.com>
>> Date: Fri Feb 10 01:39:13 2023 +0530
>>
>> Fix SECURITY-2404 / CVE-2022-36915
>>
>> Can we update the relative page? if this is ok
>>
>> https://github.com/jenkinsci/android-signing-plugin/commit/33162c65c9f52ca5fa85609bdb652a5d1feda95b
>>
>
> I believe that the process is to submit a pull request to the Update Center repository that proposes to show the issue is resolved. The security team will review the fix and review the proposed pull request and then merges the pull request when they agree that the issue is resolved.
>
> https://github.com/jenkins-infra/update-center2/pull/896 is an example you can reference.
>
Done, let's see
Michael
> Mark Waite
>
>>
>> Michael
>>
>> --
>> Michael Nazzareno Trimarchi
>> Co-Founder & Chief Executive Officer
>> M. +39 347 913 2170
>> mic...@amarulasolutions.com
>> __________________________________
>>
>> Amarula Solutions BV
>> Joop Geesinkweg 125, 1114 AB, Amsterdam, NL
>> T. +31 (0)85 111 9172
>> in...@amarulasolutions.com
>> www.amarulasolutions.com
>>
>> --
>> You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
>> To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-de...@googlegroups.com.
>> To view this discussion visit https://groups.google.com/d/msgid/jenkinsci-dev/CAOf5uwkmp3%3D3cCTiVb22ZRUy531mztP9_6T4d8KistnJVUeGZA%40mail.gmail.com.
>
> --
> You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-de...@googlegroups.com.
> To view this discussion visit https://groups.google.com/d/msgid/jenkinsci-dev/CAO49JtHo80tg%2BcJDE_5rQtbwa7phZPEZjHO3FRGB5LPbcwOzAQ%40mail.gmail.com.
On Sat, Dec 27, 2025 at 1:31 AM Mark Waite <mark.ea...@gmail.com> wrote:
>
>
> On Fri, Dec 26, 2025 at 3:34 PM Michael Nazzareno Trimarchi wrote:
>>
>> Hi
>>
>> https://plugins.jenkins.io/android-signing/
>>
>> The Missing permission check allows listing workspace contents
>> should be fixed by
>>
>> commit 33162c65c9f52ca5fa85609bdb652a5d1feda95b
>> Author: Sandeep <sandy...@gmail.com>
>> Date: Fri Feb 10 01:39:13 2023 +0530
>>
>> Fix SECURITY-2404 / CVE-2022-36915
>>
>> Can we update the relative page? if this is ok
>>
>> https://github.com/jenkinsci/android-signing-plugin/commit/33162c65c9f52ca5fa85609bdb652a5d1feda95b
>>
>
> I believe that the process is to submit a pull request to the Update Center repository that proposes to show the issue is resolved. The security team will review the fix and review the proposed pull request and then merges the pull request when they agree that the issue is resolved.
>
> https://github.com/jenkins-infra/update-center2/pull/896 is an example you can reference.
>
Michael
> Mark Waite
>
>>
>> Michael
>>
>> --
>> Michael Nazzareno Trimarchi
>> Co-Founder & Chief Executive Officer
>> M. +39 347 913 2170
>> mic...@amarulasolutions.com
>> __________________________________
>>
>> Amarula Solutions BV
>> Joop Geesinkweg 125, 1114 AB, Amsterdam, NL
>> T. +31 (0)85 111 9172
>> in...@amarulasolutions.com
>> www.amarulasolutions.com
>>
>> --
>> You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
>> To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-de...@googlegroups.com.
>> To view this discussion visit https://groups.google.com/d/msgid/jenkinsci-dev/CAOf5uwkmp3%3D3cCTiVb22ZRUy531mztP9_6T4d8KistnJVUeGZA%40mail.gmail.com.
>
> --
> You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-de...@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages