Security News > 2022 > July > Jenkins discloses dozens of zero-day bugs in multiple plugins
2022-07-01 10:12
On Thursday, the Jenkins security team announced 34 security vulnerabilities affecting 29 plugins for the Jenkins open source automation server, 29 of the bugs being zero-days still waiting to be patched.
The zero-days' CVSS base scores range from low to high severity, and, according to Jenkins' stats, the impacted plugins have a total of more than 22,000 installs.
Based on Shodan data, there are currently more than 144,000 Internet-exposed Jenkins servers that could be targeted in attacks if running an unpatched plugin.
Skype notifier Plugin up to and including 1.1.0.
Validating Email Parameter Plugin up to and including 1.10.
XPath Configuration Viewer Plugin up to and including 1.1.1.