These are some contributions by members of the Jenkins security team that weren't delivered as security fixes, but still are security-related.
The Jenkins project takes security seriously. We make every possible effort to ensure users can adequately secure their automation infrastructure.
Missing: /url | Show results with:/url
Jan 24, 2024 · This advisory announces vulnerabilities in the following Jenkins deliverables: Jenkins (core); Git server Plugin · GitLab Branch Source ...
Missing: improvements/ | Show results with:improvements/
The "Security" section of the web UI allows a Jenkins administrator to enable, configure, or disable key security features which apply to the entire Jenkins ...
Missing: improvements/ | Show results with:improvements/
This chapter will introduce the various security options available to Jenkins administrators and users, explaining the protections offered, and trade-offs to ...
Missing: /url | Show results with:/url
This setting is controlled mainly by two axes: Security Realm, which determines users and their passwords, as well as what groups the users belong to.
Missing: /url improvements/
Sep 6, 2023 · This advisory announces vulnerabilities in the following Jenkins deliverables: Assembla Auth Plugin · AWS CodeCommit Trigger Plugin ...
Missing: improvements/ | Show results with:improvements/
Apr 12, 2023 · This advisory announces vulnerabilities in the following Jenkins deliverables: Assembla merge request builder Plugin ...
Aug 16, 2023 · This vulnerability allows attackers to copy an item, which could potentially automatically approve unsandboxed scripts and allow the execution ...
Jul 26, 2023 · This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control build log contents. Jenkins 2.416, ...