Summary
Jenkins has released updates that address “high” severity vulnerabilities in Jenkins Core (weekly and LTS).
Risk
Vulnerability impact estimate on the target community: MEDIUM/YELLOW (63.46/100)¹.
Type
- Denial of Service
Affected products and versions
Jenkins Core
- weekly, 2.486 and earlier
- LTS, 2.479.1 and earlier
Mitigation actions
In line with vendor statements, it is recommended to update the affected products by following the instructions in the security bulletin, available at the link in the References section.
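To find which controllers fall inside the affected ranges listed above, the following added example (not part of the original bulletin or of the Jenkins project) classifies Jenkins Core version strings, such as those reported in the X-Jenkins response header. It assumes weekly releases use two version components and LTS releases use three; the controller names and inventory are constructed.

```python
import re

# Upper bounds of the affected ranges, as listed in this bulletin.
AFFECTED_WEEKLY_MAX = (2, 486)
AFFECTED_LTS_MAX = (2, 479, 1)

_VERSION_RE = re.compile(r"^\d+\.\d+(\.\d+)?$")


def classify(version):
    """Return (release_line, affected) for a Jenkins Core version string.

    Assumption: weekly releases have two components (2.486) and LTS
    releases have three (2.479.1).
    """
    version = version.strip()
    if not _VERSION_RE.match(version):
        # Snapshots, release candidates and vendor rebuilds need a manual look.
        raise ValueError(f"unrecognised Jenkins version: {version!r}")
    parts = tuple(int(p) for p in version.split("."))
    if len(parts) == 3:
        return "LTS", parts <= AFFECTED_LTS_MAX
    return "weekly", parts <= AFFECTED_WEEKLY_MAX


def audit(inventory):
    """Map each controller name to a one-line status for reporting."""
    report = {}
    for name, version in sorted(inventory.items()):
        try:
            line, affected = classify(version)
        except ValueError:
            report[name] = f"{version}: UNKNOWN, check manually"
            continue
        status = "UPDATE REQUIRED" if affected else "outside affected range"
        report[name] = f"{line} {version}: {status}"
    return report


if __name__ == "__main__":
    # Constructed inventory: hypothetical controller names and versions.
    sample = {"ci-build": "2.479.1", "ci-release": "2.479.2",
              "ci-lab": "2.486", "ci-edge": "2.487",
              "ci-legacy": "2.462.3", "ci-dev": "2.480-SNAPSHOT"}
    for name, status in audit(sample).items():
        print(f"{name:12} {status}")
```

A result of "outside affected range" only means the version is above the bounds listed in this bulletin; the vendor advisory remains the reference for which release to install.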
Unique Vulnerability Identifiers
References
https://www.jenkins.io/security/advisory/2024-11-27
¹ This estimate takes into account several parameters, including: CVSS, availability of patches/workarounds and PoC, and diffusion of the affected software/devices in the reference community.