Jenkins Updates
Warning Date: 1 September, 2021
Severity Level: High
Warning Number: 2021-3454
Target Sector: All
Description:
Jenkins has released security updates to address multiple vulnerabilities in the following products:
- Azure AD Plugin up to and including 179.vf6841393099e
- Code Coverage API Plugin up to and including 1.4.0
- Nested View Plugin up to and including 1.20
- Nomad Plugin up to and including 0.7.4
- SAML Plugin up to and including 2.0.7
Threats:
An attacker could exploit these vulnerabilities to carry out the following:
- XML external entity (XXE) attack
- Cross-site request forgery (CSRF)
Best practice and Recommendations:
The CERT team encourages users to review the Jenkins security advisory and apply the necessary updates: