Jenkins Update
1664Warning Date
Severity Level
Warning Number
Target Sector
7 October, 2021
● High
2021-3635
All
Description:
Jenkins has released a security update to address several vulnerabilities in the following products:
- Jenkins weekly up to and including 2.314
- Jenkins LTS up to and including 2.303.1
- Git Plugin up to and including 4.8.2
Threats:
Attacker could exploit these vulnerabilities by doing the following:
- Cross-site scripting (XSS)
- Path traversal attack
Best practice and Recommendations:
The CERT team encourages users to update the affected versions and to review Jenkins security advisory: