Jenkins
What is CDF?
Jenkins X
Tekton
Spinnaker
Blog
Documentation
User Guide
- Installing Jenkins
- Jenkins Pipeline
- Managing Jenkins
- System Administration
- Terms and Definitions
Solution Pages
Tutorials
- Guided Tour
- More Tutorials
Developer Guide
Contributor Guide
Plugins
Community
Overview
Chat
Meet
Events
Issue Tracker
Mailing Lists
Wiki
Account Management
Special Interest Groups
- Advocacy and Outreach
- Chinese Localization
- Cloud Native
- Documentation
- Google Summer of Code
- Hardware and EDA
- Pipeline Authoring
- Platform
- User Experience
Subprojects
Overview
Evergreen
Google Summer of Code in Jenkins
Infrastructure
CI/CD and Jenkins Area Meetups
Jenkins Configuration as Code
Jenkins Remoting
Document Jenkins on Kubernetes
About
Security
Press
Awards
Conduct
Artwork
English
中文 Chinese
Download
Jenkins Security Home
For Administrators
Overview
Security Advisories
Advisory Schedule
Vulnerabilities in Plugins
How We Fix Security Issues
For Reporters
Reporting Vulnerabilities
Jenkins CNA
For Maintainers
Overview
Vulnerabilities in Plugins
Jenkins Security Team
About
Contributions
Security Advisories
This page lists all security advisories that have been published so far.
2021
Jenkins Security Advisory 2021-01-13
Affects Jenkins Core
Affects Plugins:
Bumblebee HP ALM
TICS
TraceTronic ECU-TEST
2020
Jenkins Security Advisory 2020-12-03
Affects Plugins:
Chaos Monkey
CVS
Shelve Project
Affects Plugin Installation Manager Tool
Jenkins Security Advisory 2020-11-04
Affects Plugins:
Active Directory
Static Analysis Utilities
Ansible
AppSpider
AWS Global Configuration
Azure Key Vault
FindBugs
Kubernetes
Mail Commander Plugin for Jenkins-ci
Mercurial
SQLPlus Script Runner
Subversion
Visualworks Store
VMware Lab Manager Slaves
Jenkins Security Advisory 2020-10-08
Affects Plugins:
Active Choices
Audit Trail
couchdb-statistics
Maven Cascade Release
Nerrvana
Persona
Release
Role-based Authorization Strategy
Shared Objects
SMS Notification
Jenkins Security Advisory 2020-09-23
Affects Plugins:
Implied Labels
Liquibase Runner
Lockable Resources
Script Security
warnings
Jenkins Security Advisory 2020-09-16
Affects Plugins:
android-lint
Blue Ocean
chosen-views-tabbar
ClearCase Release
computer-queue-plugin
Copy data to workspace
Coverage/Complexity Scatter Plot
Custom Job Icon
Description Column
ElasTest
Email Extension
Health Advisor by CloudBees
Locked Files Report
Mailer
MongoDB
Perfecto
Pipeline Maven Integration
Radiator View
Selection tasks
Storable Configs
Validating String Parameter
Jenkins Security Advisory 2020-09-01
Affects Plugins:
Build Failure Analyzer
Cadence vManager
database
Git Parameter
JSGames
Klocwork Analysis
Parameterized Remote Trigger
ReadyAPI Functional Testing
tfs
Valgrind
Jenkins Security Advisory 2020-08-17
Affects Jenkins Core
Jenkins Security Advisory 2020-08-12
Affects Jenkins Core
Affects Plugins:
Email Extension
Flaky Test Handler
Pipeline Maven Integration
Yet Another Build Visualizer
Jenkins Security Advisory 2020-07-15
Affects Jenkins Core
Affects Plugins:
Deployer Framework
Gitlab Authentication
Matrix Authorization Strategy
Matrix Project
Jenkins Security Advisory 2020-07-02
Affects Plugins:
Compatibility Action Storage
Fortify on Demand
GitHub Coverage Reporter
HP ALM Quality Center
ElasticBox Jenkins Kubernetes CI/CD
Link Column
Slack Upload
Sonargraph Integration
Stash Branch Parameter
TestComplete support
VncRecorder
VncViewer
White Source
ZAP Pipeline
Zephyr for JIRA Test Management
Jenkins Security Advisory 2020-06-03
Affects Plugins:
Compact Columns
ECharts API
Play Framework
Project Inheritance
Script Security
Selenium
Subversion Partial Release Manager
Swarm
Jenkins Security Advisory 2020-05-06
Affects Plugins:
Amazon EC2
Copy Artifact
Credentials Binding
CVS
SCM Filter Jervis
Jenkins Security Advisory 2020-04-16
Affects Plugins:
AWS SAM
Copr
Parasoft Findings
Yaml Axis
Jenkins Security Advisory 2020-04-07
Affects Plugins:
AWSEB Deployment
Code Coverage API
FitNesse
Gatling
useMango Runner
Jenkins Security Advisory 2020-03-25
Affects Jenkins Core
Affects Plugins:
Artifactory
Azure Container Service
OpenShift Pipeline
Pipeline: AWS Steps
Queue cleanup
RapidDeploy
Jenkins Security Advisory 2020-03-09
Affects Plugins:
Audit Trail
Backlog
Cobertura
CryptoMove
DeployHub
Git
Literate
Logstash
Mac
OpenShift Deployer
P4
Quality Gates
Repository Connector
Rundeck
Script Security
Skytap Cloud CI
Sonar Quality Gates
Subversion Release Manager
Timestamper
Zephyr Enterprise Test Management
Zephyr for JIRA Test Management
Jenkins Security Advisory 2020-02-12
Affects Plugins:
Applatix
Azure AD
BMC Release Package and Deployment
brakeman
Debian Package Builder
DigitalOcean
Dynamic Extended Choice Parameter
Eagle Tester
ECX Copy Data Management
FitNesse
Git Parameter
Google Kubernetes Engine
Harvest SCM
NUnit
Parasoft Environment Manager
Pipeline GitHub Notify Step
Pipeline: Groovy
RadarGun
S3 publisher
Script Security
Subversion
Jenkins Security Advisory 2020-01-29
Affects Jenkins Core
Affects Plugins:
Code Coverage API
Fortify
WebSphere Deployer
Jenkins Security Advisory 2020-01-15
Affects Plugins:
Amazon EC2
Gitlab Hook
Health Advisor by CloudBees
Redgate SQL Change Automation
Robot Framework
Sounds
2019
Jenkins Security Advisory 2019-12-17
Affects Plugins:
Alauda DevOps Pipeline
Alauda Kubernetes Suport
Build Failure Analyzer
buildgraph-view
Gerrit Trigger
Mantis
Maven Release Plug-in
Mission Control
Pipeline Aggregator View
RapidDeploy
Redgate SQL Change Automation
Rundeck
SCTMExecutor
Spira Importer
Team Concert
WebSphere Deployer
Weibo
Jenkins Security Advisory 2019-11-21
Affects Plugins:
Anchore Container Image Scanner
Google Compute Engine
Jira
QMetry for JIRA - Test Management
Script Security
Spira Importer
Support Core
Jenkins Security Advisory 2019-10-23
Affects Plugins:
360 FireLine
Bitbucket OAuth
build-metrics
Deploy WebLogic
Dynatrace Application Monitoring
Global Post Script
kubernetes-ci
Libvirt Agents
Mattermost Notification
Sonar Gerrit
Zulip
Jenkins Security Advisory 2019-10-16
Affects Plugins:
Bumblebee HP ALM
Cadence vManager
CRX Content Package Deployer
Delphix
ElasticBox CI
Extensive Testing
Fortify on Demand
Google Kubernetes Engine
Google OAuth Credentials
iceScrum
NeoLoad
Oracle Cloud Infrastructure Compute Classic
Puppet Enterprise Pipeline
Rundeck
SOASTA CloudTest
Sofy.AI
View26 Test-Reporting
Jenkins Security Advisory 2019-10-01
Affects Plugins:
DingTalk
HTML Publisher
LDAP Email
Script Security
SourceGear Vault
Jenkins Security Advisory 2019-09-25
Affects Jenkins Core
Affects Plugins:
Aqua MicroScanner
Aqua Security Scanner
Assembla
Azure Event Grid Build Notifier
Call Remote Job
CodeScan
Data Theorem Mobile Security: CI/CD
elOyente
Gem Publisher
Git Changelog
GitLab Logo
Google Calendar
Inedo BuildMaster Plugin
Inedo ProGet Plugin
Kubernetes Pipeline - Arquillian Steps Kubernetes Pipeline - Kubernetes Steps
Log Parser
NeuVector Vulnerability Scanner
Project Inheritance
vFabric Application Director
Violation Comments to GitLab
Jenkins Security Advisory 2019-09-12
Affects Plugins:
Aqua Security Serverless Scanner
Beaker builder
Build Environment
Dashboard View
Git client
Script Security
Jenkins Security Advisory 2019-08-28
Affects Jenkins Core
Affects Plugins:
Deprecated: IBM AppScan
Splunk
Jenkins Security Advisory 2019-08-07
Affects Plugins:
Avatar
Build Pipeline
Codefresh Integration
Configuration as Code
eggPlant
File System SCM
Google Cloud Messaging Notification
Gitlab Authentication
JClouds
Mask Passwords
PegDown Formatter
Relution Enterprise Appstore Publisher
Simple Travis Pipeline Runner
TestLink
VMware Lab Manager Slaves
Wall Display Master Project
XL TestView
Jenkins Security Advisory 2019-07-31
Affects Plugins:
Amazon EC2
Configuration as Code
Google Kubernetes Engine
Maven Integration
Maven Release Plug-in
Pipeline: Shared Groovy Libraries
Script Security
Skytap Cloud CI
Jenkins Security Advisory 2019-07-17
Affects Jenkins Core
Jenkins Security Advisory 2019-07-11
Affects Plugins:
Caliper CI
Dependency Graph Viewer
Docker
Embeddable Build Status
Gogs
Mashup Portlets
Port Allocator
Jenkins Security Advisory 2019-06-11
Affects Plugins:
CloudBees CD
JX Resources
Token Macro
Jenkins Security Advisory 2019-05-31
Affects Plugins:
Artifactory
Gitea
InfluxDB
Pipeline Maven Integration
Pipeline Remote Loader
Warnings Next Generation
Jenkins Security Advisory 2019-05-21
Affects Plugins:
Credentials
PAM Authentication
Jenkins Security Advisory 2019-04-30
Affects Plugins:
analysis-core
Ansible Tower
Aqua MicroScanner
Azure AD
GitHub Authentication
Koji
SiteMonitor
Swarm
Twitter
Jenkins Security Advisory 2019-04-17
Affects Plugins:
Azure PublisherSettings Credentials
GitLab
jira-ext
ontrack Jenkins
XebiaLabs XL Deploy
Jenkins Security Advisory 2019-04-10
Affects Jenkins Core
Jenkins Security Advisory 2019-04-03
Affects Plugins:
Amazon SNS Build Notifier
Aqua Security Scanner
Assembla Auth
Audit to Database
AWS CloudWatch Logs Publisher
AWS Elastic Beanstalk Publisher
aws-device-farm
Bitbucket Approve
Bugzilla
Chef Sinatra
CloudCoreo DeployTime
CloudShare Docker-Machine
crittercism-dsym
Crowd Integration
DeployHub
Diawi Upload
Fabric Beta Publisher
FTP publisher
Gearman
HockeyApp
Hyper.sh Commons
IRC
Jabber Server
jenkins-cloudformation-plugin
jenkins-reviewbot
Jira Issue Updater
Klaros-Testmanagement
Kmap
Koji
mabl
Minio Storage
Netsparker Enterprise Scan
Nomad
Octopus Deploy
Official OWASP ZAP
Open STF
OpenID
OpenShift Deployer
perfectomobile
Relution Enterprise Appstore Publisher
Sametime
Serena SRA Deploy
SOASTA CloudTest
StarTeam
TestFairy
Trac Publisher
Upload to pgyer
veracode-scanner
VMware Lab Manager Slaves
VMware vRealize Automation
VS Team Services Continuous Deployment
WebSphere Deployer
WildFly Deployer
youtrack-plugin
Zephyr Enterprise Test Management
Jenkins Security Advisory 2019-03-25
Affects Plugins:
Arxan MAM Publisher
Codebeamer Test Results Trend Updater
ECS publisher
Fortify on Demand
Helix QAC
Lockable Resources
Pipeline: Groovy
Script Security
Slack Notification
Jenkins Security Advisory 2019-03-06
Affects Plugins:
AppDynamics Dashboard
Azure VM Agents
Bitbar Run-in-Cloud
Email Extension
Groovy
Job DSL
Matrix Project
OSF Builder Suite For Salesforce Commerce Cloud :: Deploy
Pipeline: Groovy
Rabbit-MQ Publisher
Repository Connector
Script Security
Jenkins Security Advisory 2019-02-19
Affects Plugins:
Acunetix
Arxan MAM Publisher
Cloud Foundry
CloudBees CD
JMS Messaging
Mattermost Notification
Octopus Deploy
Script Security
Jenkins Security Advisory 2019-01-28
Affects Plugins:
Active Directory
Blue Ocean
Config File Provider
Git
GitHub Authentication
Groovy
Job Import
Kanboard
Monitoring
OpenId Connect Authentication
Script Security
Token Macro
warnings
Warnings Next Generation
Jenkins Security Advisory 2019-01-16
Affects Jenkins Core
Jenkins Security Advisory 2019-01-08
Affects Plugins:
Pipeline: Declarative
Pipeline: Groovy
Script Security
2018
Jenkins Security Advisory 2018-12-05
Affects Jenkins Core
Jenkins Security Advisory 2018-10-29
Affects Plugins:
Pipeline: Groovy
Script Security
Jenkins Security Advisory 2018-10-10
Affects Jenkins Core
Jenkins Security Advisory 2018-09-25
Affects Plugins:
Arachni Scanner
Argus Notifier
Artifactory
Chatter Notifier
Config File Provider
Crowd 2 Integration
Dimensions
Email Extension Template
Git Changelog
HipChat
Jira
Job Configuration History
JUnit
Mesos Cloud
Metadata
Monitoring
MQ Notifier
PAM Authentication
Publish Over Dropbox
Rebuilder
SonarQube Scanner
Jenkins Security Advisory 2018-08-15
Affects Jenkins Core
Jenkins Security Advisory 2018-07-30
Affects Plugins:
AccuRev
Agiletestware Pangolin Connector for TestRail
Anchore Container Image Scanner
Confluence Publisher
Inedo BuildMaster Plugin
Inedo ProGet Plugin
Kubernetes
Maven Artifact ChoiceListProvider (Nexus)
meliora-testlab
Publish Over CIFS
Resource Disposer
SaltStack
Shelve Project
SSH Agent
Tinfoil Security
TraceTronic ECU-TEST
Jenkins Security Advisory 2018-07-18
Affects Jenkins Core
Jenkins Security Advisory 2018-06-25
Affects Plugins:
AWS CodeBuild
AWS CodeDeploy
AWS CodePipeline
Badge
CollabNet Plugins
Configuration as Code
fortify-cloudscan-jenkins-plugin
GitHub
IBM z/OS Connector
OpenStack Cloud
SAML
SSH Credentials
URLTrigger
Jenkins Security Advisory 2018-06-04
Affects Plugins:
AbsInt Astrée
Black Duck Hub
CAS
Git
GitHub
GitHub Branch Source
GitHub Pull Request Builder
Kubernetes
Synopsys Detect
Jenkins Security Advisory 2018-05-09
Affects Jenkins Core
Affects Plugins:
Black Duck Hub
Gitlab Hook
Groovy Postbuild
Jenkins Security Advisory 2018-04-16
Affects Plugins:
Email Extension
Google Login
HTML Publisher
S3 publisher
Jenkins Security Advisory 2018-04-11
Affects Jenkins Core
Jenkins Security Advisory 2018-03-26
Affects Plugins:
Ansible
Copy To Slave
Cucumber Living Documentation
GitHub Pull Request Builder
Liquibase Runner
Mailer
Perforce
Reverse Proxy Auth
vSphere
Jenkins Security Advisory 2018-02-26
Affects Plugins:
Azure Slave
Coverity
CppNCSS
Environment Injector
Gerrit Trigger
Git
Google Play Android Publisher
Job and Node ownership
Mercurial
promoted builds
Subversion
TestLink
Jenkins Security Advisory 2018-02-14
Affects Jenkins Core
Jenkins Security Advisory 2018-02-05
Affects Plugins:
android-lint ccm
Credentials Binding
JUnit
Pipeline: Supporting APIs
Jenkins Security Advisory 2018-01-22
Affects Plugins:
Ant
checkstyle dry findbugs
Pipeline: Nodes and Processes
pmd
Release
Translation Assistance
warnings
2017
Jenkins Security Advisory 2017-12-14 (core)
Jenkins Security Advisory 2017-12-11 (plugin)
Jenkins Security Advisory 2017-12-06 (plugin)
Jenkins Security Advisory 2017-12-05 (core and plugins)
Jenkins Security Advisory 2017-11-16 (plugin)
Jenkins Security Advisory 2017-11-08 (core)
Jenkins Security Advisory 2017-10-23 (plugins)
Jenkins Security Advisory 2017-10-11 (core and plugins)
Jenkins Security Advisory 2017-09-27 (core)
Jenkins Security Advisory 2017-08-08 (plugin)
Jenkins Security Advisory 2017-08-07 (plugins)
Jenkins Security Advisory 2017-07-10 (plugins)
Jenkins Security Advisory 2017-06-06 (plugin)
Jenkins Security Advisory 2017-04-27 (plugin)
Jenkins Security Advisory 2017-04-26 (core)
Jenkins Security Advisory 2017-04-10 (plugins)
Jenkins Security Advisory 2017-03-20 (plugins)
Jenkins Security Advisory 2017-03-09 (plugin)
Jenkins Security Advisory 2017-03-07 (plugin)
Jenkins Security Advisory 2017-02-01 (core)
2016
Jenkins Security Advisory 2016-11-16 (core)
Jenkins Security Advisory 2016-07-27 (plugin)
Jenkins Security Advisory 2016-06-20 (plugins)
Jenkins Security Advisory 2016-05-11 (core)
Jenkins Security Advisory 2016-04-11 (plugins)
Jenkins Security Advisory 2016-02-24 (core)
2015
Jenkins Security Advisory 2015-12-09 (core)
Jenkins Security Advisory 2015-11-11 (core)
Jenkins Security Advisory 2015-10-12 (plugin)
Jenkins Security Advisory 2015-10-01 (other)
Jenkins Security Advisory 2015-03-23 (core)
Jenkins Security Advisory 2015-02-27 (core and plugins)
2014
Jenkins Security Advisory 2014-10-30 (core)
Jenkins Security Advisory 2014-10-15 (other)
Jenkins Security Advisory 2014-10-01 (core and plugin)
Jenkins Security Advisory 2014-02-14 (core)
2013
Jenkins Security Advisory 2013-11-20 (plugins)
Jenkins Security Advisory 2013-05-02 (core)
Jenkins Security Advisory 2013-02-16 (core)
Jenkins Security Advisory 2013-01-04 (core)
2012
Jenkins Security Advisory 2012-11-20 (core)
Jenkins Security Advisory 2012-09-17 (core and plugins)
Jenkins Security Advisory 2012-03-05 (core)
Jenkins Security Advisory 2012-01-24 (plugin)
Jenkins Security Advisory 2012-01-12 (core)
2011
Jenkins Security Advisory 2011-11-08 (core)
Jenkins Security Advisory 2011-10-28 (plugin)
Jenkins Security Advisory 2011-10-20 (plugin)
2010
Hudson Security Advisory 2010-07-05 (core)