
Jenkins Update

Classification
These posts contain security alerts, including digital loopholes, electronic attacks, and technical updates, and they are classified based on the level of severity.

Critical

High

Medium

Low

Warning Date: 5 July, 2020

Severity Level: Medium

Warning Number: 2020-1446

Target Sector: All

Description:

Jenkins has released security updates to address multiple vulnerabilities in the following products:

  • Compatibility Action Storage Plugin up to and including 1.0
  • ElasticBox Jenkins Kubernetes CI/CD Plugin up to and including 1.3
  • Fortify on Demand Plugin up to and including 6.0.0
  • Fortify on Demand Plugin up to and including 5.0.1
  • GitHub Coverage Reporter Plugin up to and including 1.8
  • HP ALM Quality Center Plugin up to and including 1.6
  • Link Column Plugin up to and including 1.0
  • Slack Upload Plugin up to and including 1.7
  • Sonargraph Integration Plugin up to and including 3.0.0
  • Stash Branch Parameter Plugin up to and including 0.3.0
  • TestComplete support Plugin up to and including 2.4.1
  • VncRecorder Plugin up to and including 1.25
  • VncViewer Plugin up to and including 1.7
  • White Source Plugin up to and including 19.1.1
  • ZAP Pipeline Plugin up to and including 1.9
  • Zephyr for JIRA Test Management Plugin up to and including 1.5

Threats:

An attacker could exploit these vulnerabilities to carry out the following:

  • Cross-site scripting (XSS) attack.
  • Cross-site request forgery (CSRF).

Best practice and Recommendations:

The CERT team encourages users to review the Jenkins security advisory and apply the necessary updates:

Last updated at 5 July, 2020
