Security flaws in 100+ Jenkins plugins put enterprise networks at risk

A security researcher has found and reported security flaws in more than 100 different Jenkins plugins over the last 18 months, and despite efforts to notify developers, many of these plugins have not received a fix. The Jenkins team has issued ten security advisories about these vulnerabilities in the last 18 months, warning developers to uninstall vulnerable extensions [ 1 , 2 , 3 , 4 , 5 , 6 , 7 , 8 , 9 , 10 ]. What is Jenkins? NCC Group Security Consultant Viktor Gazdag is credited with discovering all the vulnerabilities, all of which impact plugins for Jenkins, a common web-based application used by developer teams. Jenkins, which is coded in Java, works as a continuous integration/deployment system that allows dev teams to run automated tests and execute various operations based on test results, including deploying new apps and code to production servers. Because of its useful testing and automation features, Jenkins is wildly popular –in the enterprise sector, especially– with nearly 79,000 instances , according to Shodan, a search engine for discovering internet-connected systems. Vulnerabilities impact plugins, not Jenkins Just like with any modern web utility, Jenkins’ standard feature set can be extended via plugins,… Read full this story

Security flaws in 100+ Jenkins plugins put enterprise networks at risk have 266 words, post on www.zdnet.com at May 3, 2019. This is cached page on Vietnam Dance. If you want remove this page, please contact us.