Jenkins Update
Warning Date: 2 September, 2020
Severity Level: High
Warning Number: 2020-1707
Target Sector: All
Description:
Jenkins has released a security update to address multiple vulnerabilities in the following deliverables:
- Build Failure Analyzer Plugin: up to and including 1.27.0
- Cadence vManager Plugin: up to and including 3.0.4
- database Plugin: up to and including 1.6
- Git Parameter Plugin: up to and including 0.9.12
- JSGames Plugin: up to and including 0.2
- Klocwork Analysis Plugin: up to and including 2020.2.1
- Parameterized Remote Trigger Plugin: up to and including 3.1.3
- SoapUI Pro Functional Testing Plugin: up to and including 1.3
- SoapUI Pro Functional Testing Plugin: up to and including 1.5
- Team Foundation Server Plugin: up to and including 5.157.1
- Valgrind Plugin: up to and including 0.28
Threats:
An attacker could exploit these vulnerabilities by doing the following:
- Cross-site scripting (XSS) attack.
- Cross-site request forgery (CSRF).
- Credentials stored in plain text.
Best practice and Recommendations:
The CERT team encourages users to review the Jenkins security advisory and apply the necessary updates: