Jenkins Update
1506Warning Date
Severity Level
Warning Number
Target Sector
6 December, 2020
● High
2020-2145
All
Description:
Jenkins has released security update to address multiple vulnerabilities in the following deliverables:
- Chaos Monkey Plugin
- up to and including 0.3
- Chaos Monkey Plugin
- up to and including 0.4
- CVS Plugin
- up to and including 2.16
- Shelve Project Plugin
- up to and including 3.0
- Plugin Installation Manager Tool
- up to and including 2.1.3
Threats:
Attacker could exploit these vulnerabilities by doing the following:
- Cross-site scripting (XSS) attack
- Elevate privileges
Best practice and Recommendations:
The CERT team encourages users to review Jenkins security advisory and apply the necessary update: