Jenkins Security Alert - New Security Flaws Could Allow Code Execution Attacks


Jenkins, an open source automation server, has been found to have two serious security flaws that could allow remote code execution on specific platforms. The company warned in a report published with The Hacker News that exploiting these flaws might allow an unauthenticated attacker to execute arbitrary code on the victim’s Jenkins server, potentially leading to a complete compromise of that server.

Cloud security company Aqua has dubbed the flaws, tracked as CVE-2023-27898 and CVE-2023-27905, CorePlague. They affect the Update Center and Jenkins server, respectively. All Jenkins versions prior to 2.319.2 are vulnerable and can be exploited.
