Page MenuHomePhabricator

Jenkins plugins security advisory - 2020-10-08
Closed, ResolvedPublic

Description

Jenkins is an open source automation server which enables developers around
the world to reliably build, test, and deploy their software.

The following releases contain fixes for security vulnerabilities:

  • Active Choices Plugin 2.5
  • Audit Trail Plugin 3.7
  • couchdb-statistics Plugin 0.4
  • Role-based Authorization Strategy Plugin 3.1

Additionally, we announce unresolved security issues in the following
plugins:

  • Maven Cascade Release Plugin
  • Nerrvana Plugin
  • Persona Plugin
  • Release Plugin
  • Shared Objects Plugin
  • SMS Notification Plugin

Summaries of the vulnerabilities are below. More details, severity, and
attribution can be found here:
https://www.jenkins.io/security/advisory/2020-10-08/

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 8 2020, 1:02 PM
hashar closed this task as Resolved.Oct 8 2020, 1:33 PM
hashar assigned this task to MoritzMuehlenhoff.

Looks like I have missed the pre advisory announcement. I have checked the CI and release Jenkins, we do not use any of those plugins \o/