Jenkins Update
1679Warning Date
Severity Level
Warning Number
Target Sector
22 April, 2021
● Medium
2021-2819
All
Description:
Jenkins has released a security update to address several vulnerabilities in the following products:
- CloudBees CD Plugin
- Config File Provider Plugin
- Templating Engine Plugin
Threats:
Attacker could exploit these vulnerabilities by doing the following:
- XML external entity (XXE) attack
- Cross-site request forgery (CSRF)
- Execute arbitrary code -remotely
Best practice and Recommendations:
The CERT team encourages users to update the affected versions and to review Jenkins security advisory: