July 3, 2022
29 0-Day Vulnerabilities Reported in 29 Jenkins Plugins
The Jenkins security team has reported 34 vulnerabilities (29 of them being 0-days) affecting 29 Jenkins plugins. Successful exploitation of the vulnerabilities may lead to remote code execution and system compromise.
Jenkins is an open-source automation server mostly used for the DevOps process. There are currently more than 144,000 vulnerable Jenkins servers that could be vulnerable to these 0-days.
- A full list of the vulnerable plugins and patch status can be found in Jenkins official security advisory.
The vulnerable plugins are steadily being patched. CYREBRO recommends Jenkins users to:
- Review the list of vulnerable plugins and their patch status, found in Jenkin’s security advisory.
- If a relevant plugin is found in the list and was already patched, apply that patch in your Jenkins environment.
- If a relevant plugin is found in the list and a patch is not yet available, revisit the advisory later, and manually check for the plugin’s update until a patch becomes available and apply it.
References: Jenkins Security Advisory.