Skip to main content

Jenkins Multiple Vulnerabilities

Release Date: 28 Nov 2024 2428 Views

RISK: Medium Risk

TYPE: Servers - Internet App Servers

TYPE: Internet App Servers

Multiple vulnerabilities were identified in Jenkins. A remote attacker could exploit some of these vulnerabilities to trigger security restriction bypass, cross-site scripting and denial of service on the targeted system.


Impact

  • Cross-Site Scripting
  • Denial of Service
  • Security Restriction Bypass

System / Technologies affected

  • Jenkins 2.486 and earlier
  • Jenkins LTS 2.479.1 and earlier
  • Filesystem List Parameter Plugin 0.0.14 and earlier
  • Simple Queue Plugin 1.4.4 and earlier

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

 


Vulnerability Identifier


Source


Related Link