Jenkins Multiple Security Vulnerabilities
Jenkins is prone to the following vulnerabilities:
1. An unauthorized-access vulnerability
2. A cross-site request forgery vulnerability
An attacker may leverage these issues to execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials and gain unauthorized access to the affected application. This may aid in further attacks.
The following product versions are vulnerable:
Jenkins weekly 2.185 and prior
Jenkins LTS 2.176.1 and prior