A security researcher has found and reported security flaws in more than 100 different Jenkins plugins over the last 18 months. Despite efforts to notify developers, many of these plugins have not received a fix. Just like with any modern web utility, Jenkins’ standard feature set can be extended via plugins. Like most open-source projects, the vast majority of Jenkins plugins have been created by third-party developers. Owners of Jenkins systems are being warned that some of these abandoned plugins may put corporate systems at risk due to unpatched security flaws, some of which are extremely dangerous.