[Vulnerability Warning] Jenkins Remote Command Execution Vulnerability

2019-02-22 10:58:34
Dear user

Recently, JD Cloud Security Team detected that it was disclosed that Jenkins had a high-risk vulnerability in remote code execution. The attacker could exploit the vulnerability to execute arbitrary commands remotely on the Jenkins website.

JD Cloud security team recommends that you should conduct the security self-examination in a timely manner. If your business is in the affecting scope, please update and fix the problem in time to avoid attacks from an external attacker.

[Vulnerability Details]

https://jenkins.io/security/advisory/2019-01-08/#SECURITY-1266

[Vulnerability Level]

High Risk

[Affected Plug-in Version]

Declarative Plugin < 1.3.4.1

Groovy Plugin < 2.61.1
Script Security Plugin < 1.5.0

[Fix Recommendation]

Update relevant components to a security version

For details, refer to:https://jenkins.io/security/advisory/2019-01-08/


JD Cloud team

2019-02-22 10:58:34