Security Advisories

This page lists all security advisories that have been published so far.

2021

Jenkins Security Advisory 2021-05-11
- Affects Plugins: Credentials Dashboard View P4 S3 publisher Xcode integration Xray - Test Management for Jira
Jenkins Security Advisory 2021-04-21
- Affects Plugins: CloudBees CD Config File Provider Templating Engine
Jenkins Security Advisory 2021-04-20
- Affects Jenkins Core
Jenkins Security Advisory 2021-04-07
- Affects Jenkins Core
- Affects Plugins: Micro Focus Application Automation Tools promoted builds
Jenkins Security Advisory 2021-03-30
- Affects Plugins: Build With Parameters Cloud Statistics Extra Columns Jabber (XMPP) notifier and control OWASP Dependency-Track REST List Parameter Team Foundation Server
Jenkins Security Advisory 2021-03-18
- Affects Plugins: CloudBees AWS Credentials Libvirt Agents Matrix Authorization Strategy Role-based Authorization Strategy Warnings Next Generation
Jenkins Security Advisory 2021-02-24
- Affects Plugins: Active Choices Artifact Repository Parameter Claim Configuration Slicing Repository Connector Support Core
Jenkins Security Advisory 2021-02-19
- Affects Jenkins Core
Jenkins Security Advisory 2021-01-26
- Affects Jenkins Core
Jenkins Security Advisory 2021-01-13
- Affects Jenkins Core
- Affects Plugins: Bumblebee HP ALM TICS TraceTronic ECU-TEST

2020

Jenkins Security Advisory 2020-12-03
- Affects Plugins: Chaos Monkey CVS Shelve Project
- Affects Plugin Installation Manager Tool
Jenkins Security Advisory 2020-11-04
- Affects Plugins: Active Directory Static Analysis Utilities Ansible AppSpider AWS Global Configuration Azure Key Vault FindBugs Kubernetes Mail Commander Plugin for Jenkins-ci Mercurial SQLPlus Script Runner Subversion Visualworks Store VMware Lab Manager Slaves
Jenkins Security Advisory 2020-10-08
- Affects Plugins: Active Choices Audit Trail couchdb-statistics Maven Cascade Release Nerrvana Persona Release Role-based Authorization Strategy Shared Objects SMS Notification
Jenkins Security Advisory 2020-09-23
- Affects Plugins: Implied Labels Liquibase Runner Lockable Resources Script Security warnings
Jenkins Security Advisory 2020-09-16
- Affects Plugins: android-lint Blue Ocean chosen-views-tabbar ClearCase Release computer-queue-plugin Copy data to workspace Coverage/Complexity Scatter Plot Custom Job Icon Description Column ElasTest Email Extension Health Advisor by CloudBees Locked Files Report Mailer MongoDB Perfecto Pipeline Maven Integration Radiator View Selection tasks Storable Configs Validating String Parameter
Jenkins Security Advisory 2020-09-01
- Affects Plugins: Build Failure Analyzer Cadence vManager database Git Parameter JSGames Klocwork Analysis Parameterized Remote Trigger ReadyAPI Functional Testing tfs Valgrind
Jenkins Security Advisory 2020-08-17
- Affects Jenkins Core
Jenkins Security Advisory 2020-08-12
- Affects Jenkins Core
- Affects Plugins: Email Extension Flaky Test Handler Pipeline Maven Integration Yet Another Build Visualizer
Jenkins Security Advisory 2020-07-15
- Affects Jenkins Core
- Affects Plugins: Deployer Framework Gitlab Authentication Matrix Authorization Strategy Matrix Project
Jenkins Security Advisory 2020-07-02
- Affects Plugins: Compatibility Action Storage Fortify on Demand GitHub Coverage Reporter HP ALM Quality Center ElasticBox Jenkins Kubernetes CI/CD Link Column Slack Upload Sonargraph Integration Stash Branch Parameter TestComplete support VncRecorder VncViewer White Source ZAP Pipeline Zephyr for JIRA Test Management
Jenkins Security Advisory 2020-06-03
- Affects Plugins: Compact Columns ECharts API Play Framework Project Inheritance Script Security Selenium Subversion Partial Release Manager Swarm
Jenkins Security Advisory 2020-05-06
- Affects Plugins: Amazon EC2 Copy Artifact Credentials Binding CVS SCM Filter Jervis
Jenkins Security Advisory 2020-04-16
- Affects Plugins: AWS SAM Copr Parasoft Findings Yaml Axis
Jenkins Security Advisory 2020-04-07
- Affects Plugins: AWSEB Deployment Code Coverage API FitNesse Gatling useMango Runner
Jenkins Security Advisory 2020-03-25
- Affects Jenkins Core
- Affects Plugins: Artifactory Azure Container Service OpenShift Pipeline Pipeline: AWS Steps Queue cleanup RapidDeploy
Jenkins Security Advisory 2020-03-09
- Affects Plugins: Audit Trail Backlog Cobertura CryptoMove DeployHub Git Literate Logstash Mac OpenShift Deployer P4 Quality Gates Repository Connector Rundeck Script Security Skytap Cloud CI Sonar Quality Gates Subversion Release Manager Timestamper Zephyr Enterprise Test Management Zephyr for JIRA Test Management
Jenkins Security Advisory 2020-02-12
- Affects Plugins: Applatix Azure AD BMC Release Package and Deployment brakeman Debian Package Builder DigitalOcean Dynamic Extended Choice Parameter Eagle Tester ECX Copy Data Management FitNesse Git Parameter Google Kubernetes Engine Harvest SCM NUnit Parasoft Environment Manager Pipeline GitHub Notify Step Pipeline: Groovy RadarGun S3 publisher Script Security Subversion
Jenkins Security Advisory 2020-01-29
- Affects Jenkins Core
- Affects Plugins: Code Coverage API Fortify WebSphere Deployer
Jenkins Security Advisory 2020-01-15
- Affects Plugins: Amazon EC2 Gitlab Hook Health Advisor by CloudBees Redgate SQL Change Automation Robot Framework Sounds

2019

Jenkins Security Advisory 2019-12-17
- Affects Plugins: Alauda DevOps Pipeline Alauda Kubernetes Suport Build Failure Analyzer buildgraph-view Gerrit Trigger Mantis Maven Release Plug-in Mission Control Pipeline Aggregator View RapidDeploy Redgate SQL Change Automation Rundeck SCTMExecutor Spira Importer Team Concert WebSphere Deployer Weibo
Jenkins Security Advisory 2019-11-21
- Affects Plugins: Anchore Container Image Scanner Google Compute Engine Jira QMetry for JIRA - Test Management Script Security Spira Importer Support Core
Jenkins Security Advisory 2019-10-23
- Affects Plugins: 360 FireLine Bitbucket OAuth build-metrics Deploy WebLogic Dynatrace Application Monitoring Global Post Script kubernetes-ci Libvirt Agents Mattermost Notification Sonar Gerrit Zulip
Jenkins Security Advisory 2019-10-16
- Affects Plugins: Bumblebee HP ALM Cadence vManager CRX Content Package Deployer Delphix ElasticBox CI Extensive Testing Fortify on Demand Google Kubernetes Engine Google OAuth Credentials iceScrum NeoLoad Oracle Cloud Infrastructure Compute Classic Puppet Enterprise Pipeline Rundeck SOASTA CloudTest Sofy.AI View26 Test-Reporting
Jenkins Security Advisory 2019-10-01
- Affects Plugins: DingTalk HTML Publisher LDAP Email Script Security SourceGear Vault
Jenkins Security Advisory 2019-09-25
- Affects Jenkins Core
- Affects Plugins: Aqua MicroScanner Aqua Security Scanner Assembla Azure Event Grid Build Notifier Call Remote Job CodeScan Data Theorem Mobile Security: CI/CD elOyente Gem Publisher Git Changelog GitLab Logo Google Calendar Inedo BuildMaster Plugin Inedo ProGet Plugin Kubernetes Pipeline - Arquillian Steps Kubernetes Pipeline - Kubernetes Steps Log Parser NeuVector Vulnerability Scanner Project Inheritance vFabric Application Director Violation Comments to GitLab
Jenkins Security Advisory 2019-09-12
- Affects Plugins: Aqua Security Serverless Scanner Beaker builder Build Environment Dashboard View Git client Script Security
Jenkins Security Advisory 2019-08-28
- Affects Jenkins Core
- Affects Plugins: Deprecated: IBM AppScan Splunk
Jenkins Security Advisory 2019-08-07
- Affects Plugins: Avatar Build Pipeline Codefresh Integration Configuration as Code eggPlant File System SCM Google Cloud Messaging Notification Gitlab Authentication JClouds Mask Passwords PegDown Formatter Relution Enterprise Appstore Publisher Simple Travis Pipeline Runner TestLink VMware Lab Manager Slaves Wall Display Master Project XL TestView
Jenkins Security Advisory 2019-07-31
- Affects Plugins: Amazon EC2 Configuration as Code Google Kubernetes Engine Maven Integration Maven Release Plug-in Pipeline: Shared Groovy Libraries Script Security Skytap Cloud CI
Jenkins Security Advisory 2019-07-17
- Affects Jenkins Core
Jenkins Security Advisory 2019-07-11
- Affects Plugins: Caliper CI Dependency Graph Viewer Docker Embeddable Build Status Gogs Mashup Portlets Port Allocator
Jenkins Security Advisory 2019-06-11
- Affects Plugins: CloudBees CD JX Resources Token Macro
Jenkins Security Advisory 2019-05-31
- Affects Plugins: Artifactory Gitea InfluxDB Pipeline Maven Integration Pipeline Remote Loader Warnings Next Generation
Jenkins Security Advisory 2019-05-21
- Affects Plugins: Credentials PAM Authentication
Jenkins Security Advisory 2019-04-30
- Affects Plugins: analysis-core Ansible Tower Aqua MicroScanner Azure AD GitHub Authentication Koji SiteMonitor Swarm Twitter
Jenkins Security Advisory 2019-04-17
- Affects Plugins: Azure PublisherSettings Credentials GitLab jira-ext ontrack Jenkins XebiaLabs XL Deploy
Jenkins Security Advisory 2019-04-10
- Affects Jenkins Core
Jenkins Security Advisory 2019-04-03
- Affects Plugins: Amazon SNS Build Notifier Aqua Security Scanner Assembla Auth Audit to Database AWS CloudWatch Logs Publisher AWS Elastic Beanstalk Publisher aws-device-farm Bitbucket Approve Bugzilla Chef Sinatra CloudCoreo DeployTime CloudShare Docker-Machine crittercism-dsym Crowd Integration DeployHub Diawi Upload Fabric Beta Publisher FTP publisher Gearman HockeyApp Hyper.sh Commons IRC Jabber Server jenkins-cloudformation-plugin jenkins-reviewbot Jira Issue Updater Klaros-Testmanagement Kmap Koji mabl Minio Storage Netsparker Enterprise Scan Nomad Octopus Deploy Official OWASP ZAP Open STF OpenID OpenShift Deployer perfectomobile Relution Enterprise Appstore Publisher Sametime Serena SRA Deploy SOASTA CloudTest StarTeam TestFairy Trac Publisher Upload to pgyer veracode-scanner VMware Lab Manager Slaves VMware vRealize Automation VS Team Services Continuous Deployment WebSphere Deployer WildFly Deployer youtrack-plugin Zephyr Enterprise Test Management
Jenkins Security Advisory 2019-03-25
- Affects Plugins: Codebeamer Test Results Trend Updater Digital.ai App Management Publisher ECS publisher Fortify on Demand Helix QAC Lockable Resources Pipeline: Groovy Script Security Slack Notification
Jenkins Security Advisory 2019-03-06
- Affects Plugins: AppDynamics Dashboard Azure VM Agents Bitbar Run-in-Cloud Email Extension Groovy Job DSL Matrix Project OSF Builder Suite For Salesforce Commerce Cloud :: Deploy Pipeline: Groovy Rabbit-MQ Publisher Repository Connector Script Security
Jenkins Security Advisory 2019-02-19
- Affects Plugins: Acunetix Cloud Foundry CloudBees CD Digital.ai App Management Publisher JMS Messaging Mattermost Notification Octopus Deploy Script Security
Jenkins Security Advisory 2019-01-28
- Affects Plugins: Active Directory Blue Ocean Config File Provider Git GitHub Authentication Groovy Job Import Kanboard Monitoring OpenId Connect Authentication Script Security Token Macro warnings Warnings Next Generation
Jenkins Security Advisory 2019-01-16
- Affects Jenkins Core
Jenkins Security Advisory 2019-01-08
- Affects Plugins: Pipeline: Declarative Pipeline: Groovy Script Security

2018

Jenkins Security Advisory 2018-12-05
- Affects Jenkins Core
Jenkins Security Advisory 2018-10-29
- Affects Plugins: Pipeline: Groovy Script Security
Jenkins Security Advisory 2018-10-10
- Affects Jenkins Core
Jenkins Security Advisory 2018-09-25
- Affects Plugins: Arachni Scanner Argus Notifier Artifactory Chatter Notifier Config File Provider Crowd 2 Integration Dimensions Email Extension Template Git Changelog HipChat Jira Job Configuration History JUnit Mesos Cloud Metadata Monitoring MQ Notifier PAM Authentication Publish Over Dropbox Rebuilder SonarQube Scanner
Jenkins Security Advisory 2018-08-15
- Affects Jenkins Core
Jenkins Security Advisory 2018-07-30
- Affects Plugins: AccuRev Agiletestware Pangolin Connector for TestRail Anchore Container Image Scanner Confluence Publisher Inedo BuildMaster Plugin Inedo ProGet Plugin Kubernetes Maven Artifact ChoiceListProvider (Nexus) meliora-testlab Publish Over CIFS Resource Disposer SaltStack Shelve Project SSH Agent Tinfoil Security TraceTronic ECU-TEST
Jenkins Security Advisory 2018-07-18
- Affects Jenkins Core
Jenkins Security Advisory 2018-06-25
- Affects Plugins: AWS CodeBuild AWS CodeDeploy AWS CodePipeline Badge CollabNet Plugins Configuration as Code fortify-cloudscan-jenkins-plugin GitHub IBM z/OS Connector OpenStack Cloud SAML SSH Credentials URLTrigger
Jenkins Security Advisory 2018-06-04
- Affects Plugins: AbsInt Astrée Black Duck Hub CAS Git GitHub GitHub Branch Source GitHub Pull Request Builder Kubernetes Synopsys Detect
Jenkins Security Advisory 2018-05-09
- Affects Jenkins Core
- Affects Plugins: Black Duck Hub Gitlab Hook Groovy Postbuild
Jenkins Security Advisory 2018-04-16
- Affects Plugins: Email Extension Google Login HTML Publisher S3 publisher
Jenkins Security Advisory 2018-04-11
- Affects Jenkins Core
Jenkins Security Advisory 2018-03-26
- Affects Plugins: Ansible Copy To Slave Cucumber Living Documentation GitHub Pull Request Builder Liquibase Runner Mailer Perforce Reverse Proxy Auth vSphere
Jenkins Security Advisory 2018-02-26
- Affects Plugins: Azure Slave Coverity CppNCSS Environment Injector Gerrit Trigger Git Google Play Android Publisher Job and Node ownership Mercurial promoted builds Subversion TestLink
Jenkins Security Advisory 2018-02-14
- Affects Jenkins Core
Jenkins Security Advisory 2018-02-05
- Affects Plugins: android-lint ccm Credentials Binding JUnit Pipeline: Supporting APIs
Jenkins Security Advisory 2018-01-22
- Affects Plugins: Ant checkstyle dry findbugs Pipeline: Nodes and Processes pmd Release Translation Assistance warnings

2017

2016

2015

2014

2013

2012

2011

2010

Hudson Security Advisory 2010-07-05 (core)