Jenkins security advisory (AV24-658) – Canadian Centre for Cyber Security

Serial number: AV24-658
Date: November 13, 2024

On November 13, 2024, Jenkins published a security advisory to address vulnerabilities in the following products:

  • Authorize Project Plugin – version 1.7.2 and prior
  • IvyTrigger Plugin – version 1.01 and prior
  • OpenId Connect Authentication Plugin – version 4.418.vccc7061f5b_6d and prior
  • Pipeline: Declarative Plugin – version 2.2214.vb_b_34b_2ea_9b_83 and prior
  • Pipeline: Groovy Plugin – version 3990.vd281dd77a_388 and prior
  • Script Security Plugin – version 1367.vdf2fc45f229c and prior
  • Shared Library Version Override Plugin – version 17.v786074c9fce7 and prior

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

This alert was originated From: Canadian Centre for Cyber Security

https://cyber.gc.ca/en/alerts-advisories/jenkins-security-advisory-av24-658

Leave a Reply

Your email address will not be published. Required fields are marked *