Skip to main content

Jenkins Multiple Vulnerabilities

Release Date: 28 May 2024 2174 Views

RISK: Medium Risk

TYPE: Operating Systems - Mobile & Apps

TYPE: Mobile & Apps

Multiple vulnerabilities were identified in Jenkins. A remote attacker could exploit some of these vulnerabilities to trigger cross-site scripting, sensitive information disclosure and security restriction bypass on the targeted system.

Note:
No patch is currently available for CVE-2024-5273 of the affected products. To exploit the vulnerability, attackers need to have Item/Configure permission. Hence, the risk level is rated to Medium Risk.


Impact

  • Cross-Site Scripting
  • Information Disclosure
  • Security Restriction Bypass

System / Technologies affected

  • Team Concert Git Plugin up to and including 2.0.4
  • OpenText Application Automation Tools Plugin up to and including 24.1.0
  • Report Info Plugin up to and including 1.2

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

 


Vulnerability Identifier


Source


Related Link