Multiple Jenkins Plugins Multiple Security Vulnerabilities

Jenkins is prone to the following vulnerabilities:

1. Multiple security-bypass vulnerabilities
3. A cross-site request forgery vulnerability
4. Multiple information disclosure vulnerabilities

An attacker may leverage these issues to bypass security restrictions, obtain potentially sensitive information, perform certain unauthorized actions, and gain access to the affected application.

The following Jenkins plugins are vulnerable:

Acunetix Plugin 1.0.0 and prior
Arxan MAM Publisher Plugin 1.2.12 and prior
Cloud Foundry Plugin 2.3.1 and prior
ElectricFlow Plugin 1.1.4 and prior
JMS Messaging Plugin 1.1.1 and prior
Mattermost Notification Plugin 2.6.2 and prior
OctopusDeploy Plugin 1.8.1 and prior
Script Security Plugin 1.52 and prior


 

Copyright 2010, SecurityFocus