Jenkins, an open-source automation server, has been found to have two serious security flaws that could allow remote code execution on specific platforms. The company reporting the flaws warned, in a report published with The Hacker News, that exploiting them might allow an unauthenticated attacker to execute arbitrary code on the victim’s Jenkins server, potentially leading to a complete compromise of that server.
Cloud security company Aqua has dubbed the flaws, tracked as CVE-2023-27898 and CVE-2023-27905, CorePlague. They affect the Update Center and Jenkins server, respectively. All Jenkins versions prior to 2.319.2 are vulnerable and can be exploited.