Jenkins Update
1686Warning Date
Severity Level
Warning Number
Target Sector
25 February, 2021
● High
2021-2528
All
Description:
Jenkins has released a security update to address a vulnerability in the following product:
- Active Choices Plugin
- up to and including 2.5.2
- Artifact Repository Parameter Plugin
- up to and including 1.0.0
- Claim Plugin
- up to and including 2.18.1
- Configuration Slicing Plugin
- up to and including 1.51
- Repository Connector Plugin
- up to and including 2.0.2
- Support Core Plugin
- up to and including 2.72
Threats:
Attacker could exploit this vulnerability by executing cross-site scripting (XSS).
Best practice and Recommendations:
The CERT team encourages users to review Jenkins security advisory and apply the necessary update: