Add workaround for mitigating CVE-2024-23897

The CVE-2024-23897 allows any anonymous user to access
any files on the filesystem by exploiting the ability
of args4j to access files content as parameters.

Until Jenkins gets upgraded to at least 2.442, LTS 2.426.3
make sure that the CLI is fully disabled, using the workaround
suggested at [1].


Bug: Issue 322839800
Change-Id: I1bd6d8c2506ff0cc9cf40b76f2306b080d0a7ef8
2 files changed
tree: 9781763fb0ffd2f302285f53fd30e708a9ff8214
  1. jenkins/
  2. jenkins-docker/
  3. vars/
  4. worker/
  5. .gitignore
  6. Jenkinsfile
  8. yamllint-config.yaml

Gerrit CI scripts

Providing jobs

This project uses Jenkins Jobs Builder [1] to generate jobs from yaml descriptor files.

To add new jobs reuse existing templates, defaults etc. as much as possible. E.g. adding a job to build an additional branch of a project may be as easy as adding the name of the branch to an existing project.

To ensure well readable yaml-files, use yamllint [2] to lint the yaml-files. Yamllint can be downloaded using Python Pip:

pip3 install --require-hashes yamllint

To run the linter, execute this command from the project's root directory:

yamllint -c yamllint-config.yaml jenkins/**/*.yaml

Yamllint will not fix detected issues itself.

[1] [2]