Conversation

@halim-lee (Member) commented Jul 9, 2025

@AppPlatformOps (Collaborator) commented Jul 9, 2025

Checks Summary

Last run: 2025-07-09T21:44:07.675Z

Code Risk Analyzer vulnerability scan found 3 vulnerabilities:

Severity: High
Identifier: CVE-2025-6020
Package: pam
Details: Pluggable Authentication Modules (PAM) provide a system to set up authentication policies without the need to recompile programs to handle authentication.

  Security Fix(es):

  * linux-pam: Linux-pam directory Traversal (CVE-2025-6020)

  For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

  RHSA-2025:10027: pam security update (Important)
Fix: 0:1.3.1-37.el8_10

Severity: High
Identifier: CVE-2024-12718
Package: platform-python
Details: Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

  Security Fix(es):

  * cpython: Tarfile extracts filtered members when errorlevel=0 (CVE-2025-4435)

  * cpython: Bypass extraction filter to modify file metadata outside extraction directory (CVE-2024-12718)

  * cpython: Extraction filter bypass for linking outside extraction directory (CVE-2025-4330)

  * python: cpython: Arbitrary writes via tarfile realpath overflow (CVE-2025-4517)

  * cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory (CVE-2025-4138)

  For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

  RHSA-2025:10128: python3 security update (Important)
Fix: 0:3.6.8-70.el8_10

Severity: High
Identifier: CVE-2024-12718
Package: python3-libs
Details: Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

  Security Fix(es):

  * cpython: Tarfile extracts filtered members when errorlevel=0 (CVE-2025-4435)

  * cpython: Bypass extraction filter to modify file metadata outside extraction directory (CVE-2024-12718)

  * cpython: Extraction filter bypass for linking outside extraction directory (CVE-2025-4330)

  * python: cpython: Arbitrary writes via tarfile realpath overflow (CVE-2025-4517)

  * cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory (CVE-2025-4138)

  For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

  RHSA-2025:10128: python3 security update (Important)
Fix: 0:3.6.8-70.el8_10

@leochr (Member) left a comment

@halim-lee Thanks for the quick fix! Looks good.

@leochr (Member) commented Jul 10, 2025

The check tekton/code-vulnerability-scan fails due to CVEs in the base UBI OS. Red Hat released fixes a few days ago and next week's refresh of Liberty images will likely resolve those. But we need to update this sample image this week to include it in the WLO release planned for July 15th. This failure shouldn't hold this PR from merging.

@wraschke Do you have admin access to merge the PR - even with the 1 failing check?

@hlhoots hlhoots merged commit 4d61d29 into main Jul 10, 2025
5 of 6 checks passed
5 participants