The Jenkins security team disclosed 34 security flaws affecting 29 plugins for the Jenkins automation server; 29 of these issues are yet to be patched.
The advisory published by Jenkins discloses vulnerabilities in the following deliverables:
Tens of Jenkins plugins are affected by zero-day vulnerabilities (Security Affairs)
Most Jenkins plugins are abandoned and will never be patched.
It’s a build system, shouldn’t be accessed from outside an organization, it has a history of many remote code execution vulns, but you don’t want disgruntled employees exploiting it from inside either.
Ok… What exactly does that mean if you could please put it in simpler terms? I have no idea about this post’s topic
Jenkins is just a pretty GUI interface for batch files (windows) and shell scripts, usually only used by organizations where different roles are responsible for different parts of a very large application or product.
It has plugins that make it easier to do certain tasks like, say, getting your code from GitHub; that’s one plugin. Another plugin would display a pretty graph of all the errors and warnings in your code. Its versatile nature makes it prone to these types of flaws that hackers can exploit, so it’s typically only used on a company intranet.