TR-20-912 (Jenkins Vulnerability)

General Information

Critical CSRF and XSS vulnerabilities have been identified in Jenkins and its plugins.

Impact

Because of the multiple security flaws present, systems targeted by cyber attackers may be left vulnerable. It is anticipated that this vulnerability could also be used in the future to spread malware. The CVE identifiers of the vulnerabilities closed by the current update are as follows: CVE-2020-2319, CVE-2020-2299, CVE-2020-2300, CVE-2020-2301, CVE-2020-2302, CVE-2020-2303, CVE-2020-2304, CVE-2020-2305, CVE-2020-2306, CVE-2020-2307, CVE-2020-2308, CVE-2020-2309, CVE-2020-2310, CVE-2020-2311, CVE-2020-2312, CVE-2020-2313, CVE-2020-2314, CVE-2020-2315, CVE-2020-2316, CVE-2020-2317 and CVE-2020-2318.

Solution

The National Cyber Incident Response Center (USOM) recommends that system administrators apply the Jenkins updates urgently.

References

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-2299

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-2300

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-2301

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-2302

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-2303

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-2304

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-2305

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-2306

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-2307

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-2308

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-2319

2020-11-05