Jenkins patches 9 high-severity Vulnerabilities in 22 Plugins

January 25, 2023


The Jenkins security team has reported 38 vulnerabilities (29 of them rated high-severity) affecting 22 Jenkins plugins. Successful exploitation of these vulnerabilities may lead to sandbox bypass, administrator access to Jenkins, and more.

The Vulnerabilities & Affected Plugins

Mitigation

The vulnerable plugins are steadily being patched. CYREBRO recommends that Jenkins users:

  • Review the list of vulnerable plugins and their patch status, found in the Jenkins security advisory.
    • If a relevant plugin is in the list and has already been patched, apply that patch in your Jenkins environment.
    • If a relevant plugin is in the list and a patch is not yet available, revisit the advisory later and manually check for the plugin’s update until a patch becomes available, then apply it.
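The review steps above can be scripted against a plugin inventory. The following is an added example, not code from CYREBRO or the Jenkins project: the plugin names and versions are constructed placeholders, and the inventory is assumed to have the shape of the `plugins` array returned by Jenkins' `/pluginManager/api/json?depth=1` endpoint.

```python
import re

# Constructed advisory extract: plugin short name -> first fixed version,
# or None when the advisory lists no fix yet. Names are placeholders.
ADVISORY = {
    "example-plugin-a": "2.5.1",
    "example-plugin-b": None,
    "example-plugin-c": "1.10",
}

# Constructed inventory (assumed shape: Jenkins pluginManager JSON, depth=1).
INSTALLED = [
    {"shortName": "example-plugin-a", "version": "2.4", "active": True},
    {"shortName": "example-plugin-b", "version": "0.9.3", "active": True},
    {"shortName": "example-plugin-c", "version": "1.10", "active": False},
    {"shortName": "example-plugin-d", "version": "3.0", "active": True},
]

def version_key(version):
    """Numeric key for dotted versions; None if not purely dotted-numeric."""
    if not re.fullmatch(r"\d+(\.\d+)*", version):
        return None
    parts = [int(p) for p in version.split(".")]
    while parts and parts[-1] == 0:   # treat 2.0 and 2 as equal
        parts.pop()
    return parts

def triage(installed, advisory):
    """Map each installed plugin named in the advisory to an action."""
    result = {}
    for plugin in installed:
        name, current = plugin["shortName"], plugin["version"]
        if name not in advisory:
            continue                         # not listed in the advisory
        fixed = advisory[name]
        if fixed is None:
            result[name] = "no-fix-yet"      # revisit the advisory later
        elif version_key(current) is None or version_key(fixed) is None:
            result[name] = "manual-review"   # version format not understood
        elif version_key(current) < version_key(fixed):
            result[name] = "update"          # patch available, not applied
        else:
            result[name] = "patched"
    return result

if __name__ == "__main__":
    for name, action in triage(INSTALLED, ADVISORY).items():
        print(f"{name}: {action}")
```

Disabled plugins are still reported, since they remain installed, and versions that are not purely dotted-numeric are routed to manual review rather than guessed at.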

References: Jenkins Security Advisory
