New Jenkins Security Advisory Highlights Severe Plugin Flaws
ID: 2e57f3b7-6aee-51da-846d-ae7f2915e3d0
STIX ID: report--2e57f3b7-6aee-51da-846d-ae7f2915e3d0
Feed Name: securityonline.info
This advisory details multiple high-severity vulnerabilities in the Jenkins ecosystem — including RCE through unvalidated LDAP referrals in LDAP/AD plugins, arbitrary file reads via the Email Extension image inlining, symlink and path-traversal issues in Pipeline:Groovy Libraries and Credentials Binding (leading to possible arbitrary file write and RCE), and an unpatched stored XSS in the buildgraph-view plugin — and urges immediate upgrades, mitigations, or plugin disabling to protect CI/CD controllers.
