Critical CSRF and XSS vulnerabilities have been identified in Jenkins and its plugins.
These multiple security vulnerabilities can leave systems targeted by cyber attackers exposed. It is anticipated that this vulnerability may also be used to spread malware in the future. The CVE identifiers of the vulnerabilities fixed by the current update are as follows: CVE-2020-2319, CVE-2020-2299, CVE-2020-2300, CVE-2020-2301, CVE-2020-2302, CVE-2020-2303, CVE-2020-2304, CVE-2020-2305, CVE-2020-2306, CVE-2020-2307, CVE-2020-2308, CVE-2020-2309, CVE-2020-2310, CVE-2020-2311, CVE-2020-2312, CVE-2020-2313, CVE-2020-2314, CVE-2020-2315, CVE-2020-2316, CVE-2020-2317 and CVE-2020-2318.
The National Cyber Incident Response Center (USOM) recommends that system administrators apply the Jenkins updates as a matter of urgency.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-2299
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-2300
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-2301
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-2302
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-2303
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-2304
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-2305
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-2306
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-2307
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-2308
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-2319
2020-11-05