Jenkins Multiple Vulnerabilities
Release Date: 28 Nov 2024
RISK: Medium Risk
TYPE: Servers - Internet App Servers
Multiple vulnerabilities were identified in Jenkins. A remote attacker could exploit some of these vulnerabilities to trigger security restriction bypass, cross-site scripting and denial of service on the targeted system.
Impact
- Cross-Site Scripting
- Denial of Service
- Security Restriction Bypass
System / Technologies affected
- Jenkins 2.486 and earlier
- Jenkins LTS 2.479.1 and earlier
- Filesystem List Parameter Plugin 0.0.14 and earlier
- Simple Queue Plugin 1.4.4 and earlier
Solutions
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
沒有留言:
發佈留言