Go to computer terminal for registration
Dear customer, Jenkins recently issues a new official security notification on multiple security vulnerabilities, including a high risk read vulnerability (CVE-2018-1999002) of any file without Jenkins authorization. This vulnerability may cause server sensitive files to be obtained by an attacker thus to result in further harm to server.
In order to prevent your business from being affected, JD Cloud security team recommends that you should conduct the security self-examination in a timely manner. If your business is in the affecting scope, please update and fix the problem in time to avoid attacks from an external attacker.
There is read vulnerability of any file in the Stapler Web framework used by Jenkins. Attackers can build malicious requests without obtaining identity authentication thus to read any file in Jenkins file system.
Versions known to be affected include:
Jenkins weekly 2.132 and all previous versions
Jenkins LTS 2.121.1 and all previous versions
It is recommended to conduct data backup and verification evaluation in advance before the change to avoid unavailability of business by the change.
Upgrade Jenkins weekly to 2.133 revision.
Upgrade Jenkins LTS to 2.121.2 revision.
Download link for new revision:https://jenkins.io/download/
JD Cloud team2018-07-31 15:21:55