Page MenuHomePhabricator

Jenkins plugins security advisory - 2020-10-08
Closed, ResolvedPublic


Jenkins is an open source automation server which enables developers around
the world to reliably build, test, and deploy their software.

The following releases contain fixes for security vulnerabilities:

  • Active Choices Plugin 2.5
  • Audit Trail Plugin 3.7
  • couchdb-statistics Plugin 0.4
  • Role-based Authorization Strategy Plugin 3.1

Additionally, we announce unresolved security issues in the following

  • Maven Cascade Release Plugin
  • Nerrvana Plugin
  • Persona Plugin
  • Release Plugin
  • Shared Objects Plugin
  • SMS Notification Plugin

Summaries of the vulnerabilities are below. More details, severity, and
attribution can be found here:

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 8 2020, 1:02 PM
hashar closed this task as Resolved.Oct 8 2020, 1:33 PM
hashar assigned this task to MoritzMuehlenhoff.

Looks like I have missed the pre advisory announcement. I have checked the CI and release Jenkins, we do not use any of those plugins \o/