29 0-Day Vulnerabilities Reported in 29 Jenkins Plugins

July 3, 2022 

The Jenkins security team has reported 34 vulnerabilities (29 of them being 0-days) affecting 29 Jenkins plugins. Successful exploitation of the vulnerabilities may lead to remote code execution and system compromise. 

Jenkins is an open-source automation server mostly used in DevOps processes. There are currently more than 144,000 Jenkins servers that could be vulnerable to these 0-days.

Affected Plugins

Mitigation

The vulnerable plugins are steadily being patched. CYREBRO recommends that Jenkins users:

  • Review the list of vulnerable plugins and their patch status, found in the Jenkins security advisory.
  • If a relevant plugin is found in the list and has already been patched, apply that patch in your Jenkins environment.
  • If a relevant plugin is found in the list and a patch is not yet available, revisit the advisory later and manually check for the plugin's update until a patch becomes available, then apply it.
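The three review steps above can be scripted against a plugin inventory. The following is an added example, not code from CYREBRO or the Jenkins project: the plugin names, versions and advisory entries are constructed placeholders, and the inventory is assumed to have the shape returned by Jenkins' `/pluginManager/api/json?depth=1` endpoint.

```python
import json
import re

# Constructed sample in the shape of /pluginManager/api/json?depth=1 output.
INSTALLED_JSON = """{"plugins": [
  {"shortName": "example-plugin-a", "version": "1.4.2"},
  {"shortName": "example-plugin-b", "version": "2.10"},
  {"shortName": "example-plugin-c", "version": "0.9.1"},
  {"shortName": "example-plugin-d", "version": "3.0"}
]}"""

# Constructed advisory entries (placeholders, not taken from the real advisory):
# plugin short name -> first fixed version, or None if no fix is released yet.
ADVISORY = {
    "example-plugin-a": "1.5.0",
    "example-plugin-b": "2.9",
    "example-plugin-c": None,
}

def version_key(version):
    """Compare on the leading dotted-numeric part, so 2.10 > 2.9 and 1.5 == 1.5.0.
    Simplification: suffixes such as '-beta' are ignored. An unparseable
    version sorts lowest, so it is flagged for update rather than skipped."""
    match = re.match(r"\d+(?:\.\d+)*", version)
    parts = [int(p) for p in match.group(0).split(".")] if match else []
    while parts and parts[-1] == 0:
        parts.pop()
    return parts

def triage(installed_json, advisory):
    """Sort installed plugins that appear in the advisory into three buckets."""
    result = {"update_now": [], "no_fix_yet": [], "patched": []}
    for plugin in json.loads(installed_json)["plugins"]:
        name, version = plugin["shortName"], plugin["version"]
        if name not in advisory:
            continue  # not listed in the advisory
        fixed = advisory[name]
        if fixed is None:
            result["no_fix_yet"].append(name)  # revisit the advisory later
        elif version_key(version) < version_key(fixed):
            result["update_now"].append((name, version, fixed))
        else:
            result["patched"].append(name)
    return result

if __name__ == "__main__":
    for bucket, items in triage(INSTALLED_JSON, ADVISORY).items():
        print(bucket, items)
```

Plugins in the `no_fix_yet` bucket are the ones to recheck against the advisory until a fixed version is published.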

References: Jenkins Security Advisory. 
