Multiple Jenkins Vulnerabilities Let Attackers Expose Secrets

Post by Shane1145 »

Jenkins, the widely adopted open-source automation server central to CI/CD pipelines, has disclosed four critical security vulnerabilities enabling unauthorized secret disclosure, cross-site request forgery (CSRF), and open redirect attacks.

These flaws, patched in versions 2.500 (weekly) and 2.492.2 (LTS), affect earlier releases, including Jenkins 2.499 and LTS 2.492.1. Potential impacts range from credential theft to phishing campaigns.

https://cybersecuritynews.com/jenkins-v ... e-secrets/
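For triaging an inventory against the fixed releases named in the post (2.500 weekly, 2.492.2 LTS), here is an added example that is not part of the original post or of the Jenkins project. It assumes the usual Jenkins numbering (two components for weekly, three for LTS); the host names and the inventory are constructed. The two lines are compared separately because a weekly such as 2.493 sorts above 2.492.2 yet predates the weekly fix.

```python
import re

# Fixed releases as stated in the post above.
FIXED_WEEKLY = (2, 500)
FIXED_LTS = (2, 492, 2)

# Accept only plain numeric versions; anything else is reported as unknown.
_VERSION_RE = re.compile(r"^\d+(\.\d+){1,2}$")


def parse_version(text):
    """Turn '2.492.1' into (2, 492, 1); reject suffixes such as '-SNAPSHOT'."""
    text = text.strip()
    if not _VERSION_RE.match(text):
        raise ValueError(f"unrecognised Jenkins version: {text!r}")
    return tuple(int(part) for part in text.split("."))


def needs_upgrade(text):
    """True if the version predates the fix for its own release line."""
    version = parse_version(text)
    if len(version) == 3:          # assumption: three components means LTS
        return version < FIXED_LTS
    return version < FIXED_WEEKLY  # two components means weekly


def triage(inventory):
    """Map each host to 'upgrade', 'ok' or 'unknown' (unparseable version)."""
    report = {}
    for host, raw in inventory.items():
        try:
            report[host] = "upgrade" if needs_upgrade(raw) else "ok"
        except ValueError:
            report[host] = "unknown"
    return report


# Constructed inventory: host name -> version string reported by the controller.
INVENTORY = {
    "ci-weekly-old": "2.499",
    "ci-weekly-mid": "2.493",       # above 2.492.2 numerically, still unpatched
    "ci-weekly-fixed": "2.500",
    "ci-lts-old": "2.492.1",
    "ci-lts-fixed": "2.492.2",
    "ci-custom-build": "2.499-SNAPSHOT",
}

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host:18} {INVENTORY[host]:16} {status}")
```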