TR-19-214 (Jenkins Zafiyeti)

Genel Bilgi

Jenkins ve eklentilerinde kritik RCE zafiyetleri tespit edildi.

Etki

Birden çok mevcut güvenlik açıklığı nedeniyle, siber saldırganlar tarafından hedef alınan sistemlerde DoS zafiyetine sebebiyet verebilmektedir. Bu zafiyetin ileriki zamanlarda zararlı yazılım yaymakta da kullanılabileceği öngörülmektedir.

Çözüm

Ulusal Siber Olaylara Müdahale Merkezi (USOM), sistem yöneticilerine; Jenkins güncellemelerini ivedilikle yapmalarını önermektedir.

Kaynaklar

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10436

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10437

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10438

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10439

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10440

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10441

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10442

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10443

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10444

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10445

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10446

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10447

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10448

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10449

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10450

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10451

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10452

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10453

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10454

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10455

2019-10-17