January 25, 2023
Jenkins patches 9 high-severity Vulnerabilities in 22 Plugins
The Jenkins security team has reported 38 vulnerabilities (29 of them rated high-severity) affecting 22 Jenkins plugins. Successful exploitation of the vulnerabilities may lead to Sandbox bypass, gain administrator access to Jenkins and more.
The Vulnerabilities & Affected Plugins
- A full list of the vulnerabilities and the vulnerable plugins can be found in Jenkins official security advisory.
The vulnerable plugins are steadily being patched. CYREBRO recommends Jenkins users to:
- Review the list of vulnerable plugins and their patch status, found in Jenkin’s security advisory.
- If a relevant plugin is found in the list and was already patched, apply that patch in your Jenkins environment.
- If a relevant plugin is found in the list and a patch is not yet available, revisit the advisory later, and manually check for the plugin’s update until a patch becomes available and apply it.
References: Jenkins Security Advisory