A security researcher has found and reported security flaws in more than 100 different Jenkins plugins over the last 18 months, and despite efforts to notify developers, many of these plugins have not received a fix. The Jenkins team has issued ten security advisories about these vulnerabilities in the last 18 months, warning developers to uninstall vulnerable extensions [1, 2, 3, 4, 5, 6, 7, 8, 9, 10].

What is Jenkins?

NCC Group Security Consultant Viktor Gazdag is credited with discovering all the vulnerabilities, all of which impact plugins for Jenkins, a common web-based application used by developer teams. Jenkins, which is coded in Java, works as a continuous integration/deployment system that allows dev teams to run automated tests and execute various operations based on test results, including deploying new apps and code to production servers. Because of its useful testing and automation features, Jenkins is wildly popular, especially in the enterprise sector, with nearly 79,000 instances, according to Shodan, a search engine for discovering internet-connected systems.

Vulnerabilities impact plugins, not Jenkins

Just like with any modern web utility, Jenkins’ standard feature set can be extended via plugins,…
"Security flaws in 100+ Jenkins plugins put enterprise networks at risk" has 266 words and was posted on www.zdnet.com on May 3, 2019.