...
FLEXDEPLOY-9153 - The version of Guava that ships with the FlexagonAzurePlugin, FlexagonJenkinsPlugin, FlexagonOCIPlugin, FlexagonOracleSaaSFSMPlugin, FlexDeployOracleAPIGatewayPlugin, FlexDeploySiebelPlugin are affected by CVE 2023-2976. This vulnerability is not thought to affect these plugins, but the dependency will be upgraded in the future. This was resolved for all but the Jenkins plugin in version 8.0.0.0 or earlier. The Jenkins plugin version will be was updated in the future9.0.0.0.
FLEXDEPLOY-9154 - The version of Jackson Databind that ships with FlexagonAWSPlugin, FlexagonDockerPlugin, FlexagonEC2Plugin, FlexagonJenkinsPlugin is affected by CVE-2017-17485, CVE-2018-11307, and CVE-2023-35116. Because these are running on the plugin instead of the server, the risk is low, but the dependency will be upgraded in the future.
...