Jan 24, 2024 · Exploitation requires that all of the following conditions are met: The "Resource Root URL" functionality is enabled (see documentation). Attackers can retrieve ...

Sep 20, 2023 · Description: Jenkins creates a temporary file when a plugin is deployed directly from a URL. Jenkins 2.423 and earlier, LTS 2.414.1 and ...

Jun 14, 2023 · This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another ...

Jul 12, 2023 · This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another ...

Jul 26, 2023 · This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another ...

May 15, 2024 · Default the built-in Jenkins Update Center URL to https://updates.jenkins.io instead of obsolete HTTP endpoint. This requires a JRE compatible with Let's ...

Jenkins LTS Upgrade Guide · Security Advisories · 2024-03-20 security advisory

Aug 16, 2023 · This vulnerability allows attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job. This issue ...

Oct 25, 2023 · ... URL on the build page. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. As of ...

Mar 6, 2024 · This allows attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix socket URL. Additionally, the plugin reconfigures itself ...

May 28, 2024 · Important security fix. · Prevent authenticated access to Resource Root URL. · Improve locale parsing for loading of localised help files. · Support ...