Security flaws in 100+ Jenkins plugins put enterprise networks at risk | ZDNet

A security researcher has found and reported security flaws in more than 100 different Jenkins plugins over the last 18 months. Despite efforts to notify developers, many of these plugins have not received a fix. Just like with any modern web utility, Jenkins’ standard feature set can be extended via plugins. Like most open-source projects, the vast majority of Jenkins plugins have been created by third-party developers. Owners of Jenkins systems are being warned that some of these abandoned plugins may put corporate systems at risk due to unpatched security flaws, some of which are extremely dangerous.
