Security Advisories

2025

• Jenkins Security Advisory 2025-07-09
  
  • Affects Plugins: Apica Loadtest Applitools Eyes Aqua Security Scanner Credentials Binding Dead Man's Snitch Git Parameter HTML Publisher IBM Cloud DevOps IFTTT Build Notifier Kryptowire Nouvola DiveCloud QMetry Test Management ReadyAPI Functional Testing Sensedia Api Platform tools Statistics Gatherer Testsigma Test Plan run User1st uTester VAddy Warrior Framework Xooa
• Jenkins Security Advisory 2025-06-06
  
  • Affects Plugins: Gatling
• Jenkins Security Advisory 2025-05-14
  
  • Affects Plugins: Cadence vManager DingTalk Health Advisor by CloudBees OpenID Connect Provider WSO2 Oauth
• Jenkins Security Advisory 2025-04-10
  
  • Affects jenkins/ssh-agent Docker images
  • Affects jenkins/ssh-slave Docker images
• Jenkins Security Advisory 2025-04-02
  
  • Affects Jenkins Core
  • Affects Plugins: AsakusaSatellite Cadence vManager monitor-remote-job Simple Queue Stack Hammer Templating Engine
• Jenkins Security Advisory 2025-03-19
  
  • Affects Plugins: AnchorChain EDDSA API Zoho QEngine
• Jenkins Security Advisory 2025-03-05
  
  • Affects Jenkins Core
• Jenkins Security Advisory 2025-01-22
  
  • Affects Plugins: Azure Service Fabric Bitbucket Server Integration Eiffel Broadcaster Folder-based Authorization Strategy GitLab OpenId Connect Authentication Zoom

2024

• Jenkins Security Advisory 2024-11-27
  
  • Affects Jenkins Core
  • Affects Plugins: Filesystem List Parameter Simple Queue
• Jenkins Security Advisory 2024-11-13
  
  • Affects Plugins: Authorize Project IvyTrigger OpenId Connect Authentication Pipeline: Declarative Pipeline: Groovy Script Security Shared Library Version Override
• Jenkins Security Advisory 2024-10-02
  
  • Affects Jenkins Core
  • Affects Plugins: Credentials OpenId Connect Authentication
• Jenkins Security Advisory 2024-08-07
  
  • Affects Jenkins Core
• Jenkins Security Advisory 2024-06-26
  
  • Affects Plugins: Bitbucket Branch Source Plain Credentials Structs
• Jenkins Security Advisory 2024-05-24
  
  • Affects Plugins: OpenText Application Automation Tools Report Info Team Concert Git
• Jenkins Security Advisory 2024-05-02
  
  • Affects Plugins: Git server Script Security Subversion Partial Release Manager Telegram Bot
• Jenkins Security Advisory 2024-04-17
  
  • Affects Jenkins Core
• Jenkins Security Advisory 2024-03-20
  
  • Affects Jenkins Core
• Jenkins Security Advisory 2024-03-06
  
  • Affects Plugins: AppSpider Bitbucket Branch Source Build Monitor View Delphix docker-build-step GitBucket HTML Publisher iceScrum MQ Notifier OWASP Dependency-Check Subversion Partial Release Manager Trilead API
• Jenkins Security Advisory 2024-01-24
  
  • Affects Jenkins Core
  • Affects Plugins: Git server GitLab Branch Source Log Command Matrix Project Qualys Policy Compliance Scanning Connector Red Hat Dependency Analytics

2023

• Jenkins Security Advisory 2023-12-13
  
  • Affects Plugins: Analysis Model API Deployment Dashboard Dingding JSON Pusher HTMLResource Nexus Platform OpenId Connect Authentication PaaSLane Estimate Scriptler
• Jenkins Security Advisory 2023-11-29
  
  • Affects Plugins: Google Compute Engine Jira MATLAB NeuVector Vulnerability Scanner
• Jenkins Security Advisory 2023-10-25
  
  • Affects Plugins: CloudBees CD Edgewall Trac GitHub Gogs lambdatest-automation MSTeams Webhook Trigger Multibranch Scan Webhook Trigger Warnings Zanata
• Jenkins Security Advisory 2023-10-18
  
  • Affects Jenkins Core
• Jenkins Security Advisory 2023-09-20
  
  • Affects Jenkins Core
  • Affects Plugins: Build Failure Analyzer
• Jenkins Security Advisory 2023-09-06
  
  • Affects Plugins: Assembla Auth AWS CodeCommit Trigger Bitbucket Push and Pull Request Frugal Testing Google Login Ivy Job Configuration History Microsoft Entra ID (previously Azure AD) Pipeline Maven Integration Qualys Container Scanning Connector SSH2 Easy TAP
• Jenkins Security Advisory 2023-08-16
  
  • Affects Plugins: Blue Ocean Config File Provider Delphix Docker Swarm Favorite View Flaky Test Handler Folders Fortify Gogs Maven Artifact ChoiceListProvider (Nexus) NodeJS Shortcut Job Tuleap Authentication
• Jenkins Security Advisory 2023-07-26
  
  • Affects Jenkins Core
  • Affects Plugins: Bazaar Chef Identity GitLab Authentication Gradle Qualys Web App Scanning Connector ServiceNow DevOps
• Jenkins Security Advisory 2023-07-12
  
  • Affects Plugins: Active Directory Assembla Auth Benchmark Evaluator Datadog ElasticBox CI External Monitor Job Type mabl MathWorks Polyspace OpenShift Login Oracle Cloud Infrastructure Compute Orka by MacStadium Pipeline restFul API Rebuilder SAML Single Sign On(SSO) Sumologic Publisher Test Results Aggregator
• Jenkins Security Advisory 2023-06-14
  
  • Affects Jenkins Core
  • Affects Plugins: AWS CodeCommit Trigger Checkmarx Digital.ai App Management Publisher Dimensions Maven Repository Server Sonargraph Integration Team Concert Template Workflows
• Jenkins Security Advisory 2023-05-16
  
  • Affects Plugins: Ansible AppSpider Azure VM Agents CAS Code Dx Email Extension File Parameter HashiCorp Vault LDAP LoadComplete support NS-ND Integration Performance Publisher Pipeline Utility Steps Pipeline: Job Reverse Proxy Auth SAML Single Sign On(SSO) Sidebar Link Tag Profiler TestComplete support TestNG Results wso2id-oauth
• Jenkins Security Advisory 2023-04-12
  
  • Affects Plugins: Assembla merge request builder Azure Key Vault Consul KV Builder Delinea Secret Server Fogbugz Image Tag Parameter Kubernetes Lucene-Search NeuVector Vulnerability Scanner Quay.io trigger Report Portal Thycotic DevOps Secrets Vault TurboScript wso2id-oauth
• Jenkins Security Advisory 2023-03-21
  
  • Affects Plugins: AbsInt a³ Convert To Pipeline Cppcheck Crap4J JaCoCo Mashup Portlets OctoPerf Load Testing Plugin Performance Publisher Phabricator Differential Pipeline Aggregator View remote-jobs-view-plugin Role-based Authorization Strategy Visual Studio Code Metrics
• Jenkins Security Advisory 2023-03-08
  
  • Affects Jenkins Core
  • Affects update-center2
• Jenkins Security Advisory 2023-02-15
  
  • Affects Plugins: Azure Credentials Email Extension JUnit Pipeline: Build Step Synopsys Coverity
• Jenkins Security Advisory 2023-02-09
  
  • Affects Jenkins Docker images
• Jenkins Security Advisory 2023-01-24
  
  • Affects Plugins: BearyChat Bitbucket OAuth Cisco Spark Notifier Gerrit Trigger GitHub Pull Request Builder GitHub Pull Request Coverage Status JIRA Pipeline Steps Keycloak Authentication Kubernetes Credentials Provider Microsoft Entra ID (previously Azure AD) MSTest OpenID OpenId Connect Authentication Orka by MacStadium PWauth Security Realm RabbitMQ Consumer Script Security Semantic Versioning TestComplete support TestQuality Updater view-cloner visualexpert

2022

• Jenkins Security Advisory 2022-12-07
  
  • Affects Plugins: Checkmarx Custom Build Properties Gitea Google Login Plot Sonar Gerrit Spring Config
• Jenkins Security Advisory 2022-11-15
  
  • Affects Plugins: Associated Files BART CCCC CloudBees Docker Hub/Registry Notification Cluster Statistics Config Rotator Delete log JAPEX JUnit loader.io Naginator NS-ND Integration Performance Publisher OSF Builder Suite : : XML Linter Pipeline Utility Steps Reverse Proxy Auth Script Security SourceMonitor Support Core Violations XP-Dev
• Jenkins Security Advisory 2022-10-19
  
  • Affects Plugins: BMC AMI DevX Code Debug Code Coverage BMC AMI DevX Source Code Download for Endevor, PDS, and Code Pipeline BMC AMI DevX Total Test BMC AMI Strobe Measurement Task Compuware Topaz Utilities Contrast Continuous Application Security Custom Checkbox Parameter 360 FireLine Generic Webhook Trigger GitLab Job Import Katalon Mercurial NeuVector Vulnerability Scanner NUnit Pipeline: Deprecated Groovy Libraries Pipeline: Groovy Pipeline: Groovy Libraries Pipeline: Input Step Pipeline: Stage View Pipeline: Supporting APIs REPO S3 Explorer ScreenRecorder Script Security Tuleap Git Branch Source XFramium Builder
• Jenkins Security Advisory 2022-09-21
  
  • Affects Jenkins Core
  • Affects Plugins: Anchore Container Image Scanner Apprenda BigPanda Notifier BMC AMI Common Configuration build-publisher CONS3RT DotCi extreme-feedback NS-ND Integration Performance Publisher RQM Rundeck SCM HttpClient Security Inspector SmallTest View26 Test-Reporting Walti WildFly Deployer Worksoft Execution Manager
• Jenkins Security Advisory 2022-09-09
  
  • Affects Jenkins Core
• Jenkins Security Advisory 2022-08-23
  
  • Affects Plugins: CollabNet Plugins Git Job Configuration History Kubernetes Continuous Deploy
• Jenkins Security Advisory 2022-07-27
  
  • Affects Plugins: Android Signing BMC AMI DevX Code Debug Code Coverage BMC AMI DevX Code Pipeline Operations BMC AMI DevX Source Code Download for Endevor, PDS, and Code Pipeline Buckminster CLIF Performance Testing Compuware Topaz Utilities Compuware zAdviser API Coverity Deployer Framework Dynamic Extended Choice Parameter External Monitor Job Type Files Found Trigger Git Git client GitHub Google Cloud Backup HashiCorp Vault HTTP Request Job Configuration History Lucene-Search Maven Metadata Plugin for Jenkins CI server OpenShift Deployer openstack-heat Repository Connector rhnpush-plugin rpmsign-plugin
• Jenkins Security Advisory 2022-06-30
  
  • Affects Plugins: Build Notifications build-metrics Cisco Spark Deployment Dashboard Elasticsearch Query eXtreme Feedback Panel Failed Job Deactivator GitLab hpe-network-virtualization Jigomerge Matrix Reloaded OpsGenie Plot Project Inheritance Recipe Request Rename Or Delete requests-plugin Rich Text Publisher RocketChat Notifier RQM Skype notifier TestNG Results Validating Email Parameter XebiaLabs XL Release XPath Configuration Viewer
• Jenkins Security Advisory 2022-06-22
  
  • Affects Jenkins Core
  • Affects Plugins: Agent Server Parameter Beaker builder Convertigo Mobile Platform CRX Content Package Deployer Date Parameter Dynamic Extended Choice Parameter EasyQA Embeddable Build Status Filesystem List Parameter Hidden Parameter Image Tag Parameter Jianliao Notification JUnit Maven Metadata Plugin for Jenkins CI server Nested View NS-ND Integration Performance Publisher ontrack Jenkins Package Version Pipeline: Input Step Readonly Parameter Repository Connector REST List Parameter Sauce OnDemand Squash TM Publisher (Squash4Jenkins) Stash Branch Parameter ThreadFix vRealize Orchestrator xUnit
• Jenkins Security Advisory 2022-05-17
  
  • Affects Plugins: Application Detector Autocomplete Parameter Blue Ocean Git GitLab Global Variable String Parameter JDK Parameter Mercurial Multiselect parameter Pipeline SCM API for Blue Ocean Pipeline: Groovy Promoted Builds (Simple) Random String Parameter REPO Rundeck Script Security Selection tasks SSH Storable Configs vboxwrapper windows-slaves
• Jenkins Security Advisory 2022-04-12
  
  • Affects Plugins: Credentials CVS Extended Choice Parameter Gerrit Trigger Git Parameter Google Compute Engine Jira Job Generator Mask Passwords Node and Label parameter Pipeline: Deprecated Groovy Libraries promoted builds Publish Over FTP Subversion
• Jenkins Security Advisory 2022-03-29
  
  • Affects Plugins: Bitbucket Server Integration Continuous Integration with Toad Edge Coverage/Complexity Scatter Plot Flaky Test Handler instant-messaging JiraTestResultReporter Job and Node ownership Pipeline: Phoenix AutoTest Proxmox RocketChat Notifier SiteMonitor Tests Selector
• Jenkins Security Advisory 2022-03-15
  
  • Affects Plugins: AWS Credentials Dashboard View dbCharts Environment Dashboard Extended Choice Parameter Favorite Folder-based Authorization Strategy GitLab Authentication global-build-stats incapptic connect uploader kubernetes-cd List Git Branches Parameter Parameterized Trigger Release Helper Semantic Versioning Vmware vRealize CodeStream
• Jenkins Security Advisory 2022-02-15
  
  • Affects Plugins: Agent Server Parameter autonomiq Checkmarx Conjur Secrets Convertigo Mobile Platform Custom Checkbox Parameter dbCharts Doktor Fortify Generic Webhook Trigger GitLab Authentication HashiCorp Vault Pipeline: Build Step Pipeline: Deprecated Groovy Libraries Pipeline: Groovy Pipeline: Multibranch Promoted Builds (Simple) SCP publisher Chef Sinatra Snow Commander Support Core SWAMP Team Views
• Jenkins Security Advisory 2022-02-09
  
  • Affects Jenkins Core
• Jenkins Security Advisory 2022-01-12
  
  • Affects Jenkins Core
  • Affects Plugins: Active Directory Badge batch task Bitbucket Branch Source Configuration as Code Conjur Secrets Credentials Binding Debian Package Builder Docker Commons HashiCorp Vault Mailer Matrix Project Metrics Publish Over SSH SSH Agent Warnings

2021

• Jenkins Security Advisory 2021-11-12
  
  • Affects Plugins: Active Choices OWASP Dependency-Check Performance pom2config Scriptler Squash TM Publisher (Squash4Jenkins)
• Jenkins Security Advisory 2021-11-04
  
  • Affects Jenkins Core
  • Affects Plugins: Subversion
• Jenkins Security Advisory 2021-10-06
  
  • Affects Jenkins Core
  • Affects Plugins: Git
• Jenkins Security Advisory 2021-08-31
  
  • Affects Plugins: Code Coverage Microsoft Entra ID (previously Azure AD) Nested View Nomad SAML
• Jenkins Security Advisory 2021-06-30
  
  • Affects Jenkins Core
  • Affects Plugins: CAS requests-plugin Selenium HTML report
• Jenkins Security Advisory 2021-06-18
  
  • Affects Plugins: Generic Webhook Trigger
• Jenkins Security Advisory 2021-06-16
  
  • Affects Plugins: Scriptler
• Jenkins Security Advisory 2021-06-10
  
  • Affects Plugins: Kiuwan Kubernetes CLI XebiaLabs XL Deploy
• Jenkins Security Advisory 2021-05-25
  
  • Affects Plugins: Filesystem Trigger Markdown Formatter Nuget URLTrigger
• Jenkins Security Advisory 2021-05-11
  
  • Affects Plugins: Credentials Dashboard View P4 S3 publisher Xcode integration Xray - Test Management for Jira
• Jenkins Security Advisory 2021-04-21
  
  • Affects Plugins: CloudBees CD Config File Provider Templating Engine
• Jenkins Security Advisory 2021-04-20
  
  • Affects Jenkins Core
• Jenkins Security Advisory 2021-04-07
  
  • Affects Jenkins Core
  • Affects Plugins: OpenText Application Automation Tools promoted builds
• Jenkins Security Advisory 2021-03-30
  
  • Affects Plugins: Build With Parameters Cloud Statistics Extra Columns Jabber (XMPP) notifier and control OWASP Dependency-Track REST List Parameter Team Foundation Server
• Jenkins Security Advisory 2021-03-18
  
  • Affects Plugins: AWS Credentials Libvirt Agents Matrix Authorization Strategy Role-based Authorization Strategy Warnings
• Jenkins Security Advisory 2021-02-24
  
  • Affects Plugins: Active Choices Artifact Repository Parameter Claim Configuration Slicing Repository Connector Support Core
• Jenkins Security Advisory 2021-02-19
  
  • Affects Jenkins Core
• Jenkins Security Advisory 2021-01-26
  
  • Affects Jenkins Core
• Jenkins Security Advisory 2021-01-13
  
  • Affects Jenkins Core
  • Affects Plugins: Bumblebee HP ALM TICS tracetronic ecu.test

2020

• Jenkins Security Advisory 2020-12-03
  
  • Affects Plugins: Chaos Monkey CVS Shelve Project
  • Affects Plugin Installation Manager Tool
• Jenkins Security Advisory 2020-11-04
  
  • Affects Plugins: Active Directory Static Analysis Utilities Ansible AppSpider AWS Global Configuration Azure Key Vault FindBugs Kubernetes Mail Commander Plugin for Jenkins-ci Mercurial SQLPlus Script Runner Subversion Visualworks Store VMware Lab Manager Slaves
• Jenkins Security Advisory 2020-10-08
  
  • Affects Plugins: Active Choices Audit Trail couchdb-statistics Maven Cascade Release Nerrvana Persona Release Role-based Authorization Strategy Shared Objects SMS Notification
• Jenkins Security Advisory 2020-09-23
  
  • Affects Plugins: Implied Labels Liquibase Runner Lockable Resources Script Security warnings
• Jenkins Security Advisory 2020-09-16
  
  • Affects Plugins: android-lint Blue Ocean chosen-views-tabbar ClearCase Release computer-queue-plugin Copy data to workspace Coverage/Complexity Scatter Plot Custom Job Icon Description Column ElasTest Email Extension Health Advisor by CloudBees Locked Files Report Mailer MongoDB perfecto Pipeline Maven Integration Radiator View Selection tasks Storable Configs Validating String Parameter
• Jenkins Security Advisory 2020-09-01
  
  • Affects Plugins: Build Failure Analyzer Cadence vManager Database Git Parameter JSGames Klocwork Analysis Parameterized Remote Trigger ReadyAPI Functional Testing tfs Valgrind
• Jenkins Security Advisory 2020-08-17
  
  • Affects Jenkins Core
• Jenkins Security Advisory 2020-08-12
  
  • Affects Jenkins Core
  • Affects Plugins: Email Extension Flaky Test Handler Pipeline Maven Integration Yet Another Build Visualizer
• Jenkins Security Advisory 2020-07-15
  
  • Affects Jenkins Core
  • Affects Plugins: Deployer Framework GitLab Authentication Matrix Authorization Strategy Matrix Project
• Jenkins Security Advisory 2020-07-02
  
  • Affects Plugins: Compatibility Action Storage Fortify on Demand GitHub Coverage Reporter HP ALM Quality Center ElasticBox Jenkins Kubernetes CI/CD Link Column Slack Upload Sonargraph Integration Stash Branch Parameter TestComplete support VncRecorder VncViewer whitesource ZAP Pipeline Zephyr for JIRA Test Management
• Jenkins Security Advisory 2020-06-03
  
  • Affects Plugins: Compact Columns ECharts API Play Framework Project Inheritance Script Security Selenium Subversion Partial Release Manager Swarm
• Jenkins Security Advisory 2020-05-06
  
  • Affects Plugins: Amazon EC2 Copy Artifact Credentials Binding CVS SCM Filter Jervis
• Jenkins Security Advisory 2020-04-16
  
  • Affects Plugins: AWS SAM Copr Parasoft Findings Yaml Axis
• Jenkins Security Advisory 2020-04-07
  
  • Affects Plugins: AWSEB Deployment Code Coverage FitNesse Gatling useMango Runner
• Jenkins Security Advisory 2020-03-25
  
  • Affects Jenkins Core
  • Affects Plugins: Artifactory Azure Container Service OpenShift Pipeline Pipeline: AWS Steps Queue cleanup RapidDeploy
• Jenkins Security Advisory 2020-03-09
  
  • Affects Plugins: Audit Trail Backlog Cobertura CryptoMove DeployHub Git Literate Logstash Mac OpenShift Deployer P4 Quality Gates Repository Connector Rundeck Script Security Skytap Cloud CI Sonar Quality Gates Subversion Release Manager Timestamper Zephyr Enterprise Test Management Zephyr for JIRA Test Management
• Jenkins Security Advisory 2020-02-12
  
  • Affects Plugins: Applatix BMC Release Package and Deployment brakeman debian-package-builder DigitalOcean Dynamic Extended Choice Parameter Eagle Tester ECX Copy Data Management FitNesse Git Parameter Google Kubernetes Engine Harvest SCM Microsoft Entra ID (previously Azure AD) NUnit Parasoft Environment Manager Pipeline GitHub Notify Step Pipeline: Groovy RadarGun S3 publisher Script Security Subversion
• Jenkins Security Advisory 2020-01-29
  
  • Affects Jenkins Core
  • Affects Plugins: Code Coverage Fortify WebSphere Deployer
• Jenkins Security Advisory 2020-01-15
  
  • Affects Plugins: Amazon EC2 gitlab-hook Health Advisor by CloudBees Redgate SQL Change Automation Robot Framework Sounds

2019

• Jenkins Security Advisory 2019-12-17
  
  • Affects Plugins: Alauda DevOps Pipeline Alauda Kubernetes Suport Build Failure Analyzer buildgraph-view Gerrit Trigger Mantis Maven Release Plug-in Mission Control Pipeline Aggregator View RapidDeploy Redgate SQL Change Automation Rundeck SCTMExecutor Spira Importer Team Concert WebSphere Deployer Weibo
• Jenkins Security Advisory 2019-11-21
  
  • Affects Plugins: Anchore Container Image Scanner Google Compute Engine Jira QMetry for JIRA - Test Management Script Security Spira Importer Support Core
• Jenkins Security Advisory 2019-10-23
  
  • Affects Plugins: Bitbucket OAuth build-metrics Deploy WebLogic Dynatrace Application Monitoring fireline Global Post Script kubernetes-ci Libvirt Agents Mattermost Notification Sonar Gerrit Zulip
• Jenkins Security Advisory 2019-10-16
  
  • Affects Plugins: Bumblebee HP ALM Cadence vManager CRX Content Package Deployer Delphix ElasticBox CI Extensive Testing Fortify on Demand Google Kubernetes Engine Google OAuth Credentials iceScrum NeoLoad Oracle Cloud Infrastructure Compute Classic Puppet Enterprise Pipeline Rundeck SOASTA CloudTest Sofy.AI View26 Test-Reporting
• Jenkins Security Advisory 2019-10-01
  
  • Affects Plugins: DingTalk HTML Publisher LDAP Email Script Security SourceGear Vault
• Jenkins Security Advisory 2019-09-25
  
  • Affects Jenkins Core
  • Affects Plugins: Aqua MicroScanner Aqua Security Scanner Assembla Azure Event Grid Build Notifier Call Remote Job CodeScan Data Theorem Mobile Security: CI/CD elOyente Gem Publisher Git Changelog GitLab Logo Google Calendar Inedo BuildMaster Plugin Inedo ProGet Plugin Kubernetes Pipeline - Arquillian Steps Kubernetes Pipeline - Kubernetes Steps Log Parser NeuVector Vulnerability Scanner Project Inheritance vFabric Application Director Violation Comments to GitLab
• Jenkins Security Advisory 2019-09-12
  
  • Affects Plugins: Aqua Security Serverless Scanner Beaker builder Build Environment Dashboard View Git client Script Security
• Jenkins Security Advisory 2019-08-28
  
  • Affects Jenkins Core
  • Affects Plugins: Deprecated: IBM AppScan Splunk
• Jenkins Security Advisory 2019-08-07
  
  • Affects Plugins: Avatar Build Pipeline Codefresh Integration Configuration as Code eggplant-plugin File System SCM Google Cloud Messaging Notification GitLab Authentication JClouds Mask Passwords PegDown Formatter Relution Enterprise Appstore Publisher Simple Travis Pipeline Runner TestLink VMware Lab Manager Slaves Wall Display Master Project XL TestView
• Jenkins Security Advisory 2019-07-31
  
  • Affects Plugins: Amazon EC2 Configuration as Code Google Kubernetes Engine Maven Integration Maven Release Plug-in Pipeline: Deprecated Groovy Libraries Script Security Skytap Cloud CI
• Jenkins Security Advisory 2019-07-17
  
  • Affects Jenkins Core
• Jenkins Security Advisory 2019-07-11
  
  • Affects Plugins: Caliper CI Dependency Graph Viewer Docker Embeddable Build Status Gogs mashup-portlets-plugin Port Allocator
• Jenkins Security Advisory 2019-06-11
  
  • Affects Plugins: CloudBees CD jx-resources Token Macro
• Jenkins Security Advisory 2019-05-31
  
  • Affects Plugins: Artifactory Gitea InfluxDB Pipeline Maven Integration Pipeline Remote Loader Warnings
• Jenkins Security Advisory 2019-05-21
  
  • Affects Plugins: Credentials PAM Authentication
• Jenkins Security Advisory 2019-04-30
  
  • Affects Plugins: analysis-core Ansible Tower Aqua MicroScanner GitHub Authentication Koji Microsoft Entra ID (previously Azure AD) SiteMonitor Swarm Twitter
• Jenkins Security Advisory 2019-04-17
  
  • Affects Plugins: Azure PublisherSettings Credentials GitLab jira-ext ontrack Jenkins XebiaLabs XL Deploy
• Jenkins Security Advisory 2019-04-10
  
  • Affects Jenkins Core
• Jenkins Security Advisory 2019-04-03
  
  • Affects Plugins: Amazon SNS Build Notifier Aqua Security Scanner Assembla Auth Audit to Database AWS CloudWatch Logs Publisher AWS Elastic Beanstalk Publisher aws-device-farm Bitbucket Approve Bugzilla CloudCoreo DeployTime CloudFormation CloudShare Docker-Machine crittercism-dsym Crowd Integration DeployHub Diawi Upload fabric-beta-publisher FTP publisher Gearman HockeyApp Hyper.sh Commons IRC Jabber Server jenkins-reviewbot Jira Issue Updater Klaros-Testmanagement kmap-jenkins Koji mabl Minio Storage Netsparker Enterprise Scan Nomad Octopus Deploy Official OWASP ZAP Open STF OpenID OpenShift Deployer perfectomobile Relution Enterprise Appstore Publisher Sametime Serena SRA Deploy sinatra-chef-builder SOASTA CloudTest starteam TestFairy Trac Publisher Upload to pgyer veracode-scanner VMware Lab Manager Slaves VMware vRealize Automation VS Team Services Continuous Deployment WebSphere Deployer WildFly Deployer youtrack-plugin Zephyr Enterprise Test Management
• Jenkins Security Advisory 2019-03-25
  
  • Affects Plugins: Codebeamer Test Results Trend Updater Digital.ai App Management Publisher ECS publisher Fortify on Demand Helix QAC Lockable Resources Pipeline: Groovy Script Security Slack Notification
• Jenkins Security Advisory 2019-03-06
  
  • Affects Plugins: AppDynamics Dashboard Azure VM Agents Bitbar Run-in-Cloud Email Extension Groovy Job DSL Matrix Project OSF Builder Suite For Salesforce Commerce Cloud :: Deploy Pipeline: Groovy Rabbit-MQ Publisher Repository Connector Script Security
• Jenkins Security Advisory 2019-02-19
  
  • Affects Plugins: Acunetix Cloud Foundry CloudBees CD Digital.ai App Management Publisher JMS Messaging Mattermost Notification Octopus Deploy Script Security
• Jenkins Security Advisory 2019-01-28
  
  • Affects Plugins: Active Directory Blue Ocean Config File Provider Git GitHub Authentication Groovy Job Import Kanboard Monitoring OpenId Connect Authentication Script Security Token Macro warnings Warnings
• Jenkins Security Advisory 2019-01-16
  
  • Affects Jenkins Core
• Jenkins Security Advisory 2019-01-08
  
  • Affects Plugins: Pipeline: Declarative Pipeline: Groovy Script Security

2018

• Jenkins Security Advisory 2018-12-05
  
  • Affects Jenkins Core
• Jenkins Security Advisory 2018-10-29
  
  • Affects Plugins: Pipeline: Groovy Script Security
• Jenkins Security Advisory 2018-10-10
  
  • Affects Jenkins Core
• Jenkins Security Advisory 2018-09-25
  
  • Affects Plugins: Arachni Scanner Argus Notifier Artifactory Chatter Notifier Config File Provider crowd2 Dimensions Email Extension Template Git Changelog HipChat Jira Job Configuration History JUnit Mesos Cloud Metadata Monitoring MQ Notifier PAM Authentication Publish Over Dropbox Rebuilder SonarQube Scanner
• Jenkins Security Advisory 2018-08-15
  
  • Affects Jenkins Core
• Jenkins Security Advisory 2018-07-30
  
  • Affects Plugins: AccuRev Agiletestware Pangolin Connector for TestRail Anchore Container Image Scanner confluence-publisher Inedo BuildMaster Plugin Inedo ProGet Plugin Kubernetes Maven Artifact ChoiceListProvider (Nexus) meliora-testlab Publish Over CIFS Resource Disposer SaltStack Shelve Project SSH Agent Tinfoil Security tracetronic ecu.test
• Jenkins Security Advisory 2018-07-18
  
  • Affects Jenkins Core
• Jenkins Security Advisory 2018-06-25
  
  • Affects Plugins: AWS CodeBuild AWS CodeDeploy AWS CodePipeline Badge CollabNet Plugins Configuration as Code fortify-cloudscan-jenkins-plugin GitHub IBM z/OS Connector Openstack Cloud SAML SSH Credentials URLTrigger
• Jenkins Security Advisory 2018-06-04
  
  • Affects Plugins: AbsInt Astrée Black Duck Detect Black Duck Hub CAS Git GitHub GitHub Branch Source GitHub Pull Request Builder Kubernetes
• Jenkins Security Advisory 2018-05-09
  
  • Affects Jenkins Core
  • Affects Plugins: Black Duck Hub gitlab-hook Groovy Postbuild
• Jenkins Security Advisory 2018-04-16
  
  • Affects Plugins: Email Extension Google Login HTML Publisher S3 publisher
• Jenkins Security Advisory 2018-04-11
  
  • Affects Jenkins Core
• Jenkins Security Advisory 2018-03-26
  
  • Affects Plugins: Ansible Copy To Slave Cucumber Living Documentation GitHub Pull Request Builder Liquibase Runner Mailer Perforce Reverse Proxy Auth vSphere
• Jenkins Security Advisory 2018-02-26
  
  • Affects Plugins: Azure Slave Coverity CppNCSS Environment Injector Gerrit Trigger Git Google Play Android Publisher Job and Node ownership Mercurial promoted builds Subversion TestLink
• Jenkins Security Advisory 2018-02-14
  
  • Affects Jenkins Core
• Jenkins Security Advisory 2018-02-05
  
  • Affects Plugins: android-lint ccm Credentials Binding JUnit Pipeline: Supporting APIs
• Jenkins Security Advisory 2018-01-22
  
  • Affects Plugins: Ant checkstyle dry findbugs Pipeline: Nodes and Processes pmd Release Translation Assistance warnings

2017

• Jenkins Security Advisory 2017-12-14 (core)
• Jenkins Security Advisory 2017-12-11 (plugin)
• Jenkins Security Advisory 2017-12-06 (plugin)
• Jenkins Security Advisory 2017-12-05 (core and plugins)
• Jenkins Security Advisory 2017-11-16 (plugin)
• Jenkins Security Advisory 2017-11-08 (core)
• Jenkins Security Advisory 2017-10-23 (plugins)
• Jenkins Security Advisory 2017-10-11 (core and plugins)
• Jenkins Security Advisory 2017-09-27 (core)
• Jenkins Security Advisory 2017-08-08 (plugin)
• Jenkins Security Advisory 2017-08-07 (plugins)
• Jenkins Security Advisory 2017-07-10 (plugins)
• Jenkins Security Advisory 2017-06-06 (plugin)
• Jenkins Security Advisory 2017-04-27 (plugin)
• Jenkins Security Advisory 2017-04-26 (core)
• Jenkins Security Advisory 2017-04-10 (plugins)
• Jenkins Security Advisory 2017-03-20 (plugins)
• Jenkins Security Advisory 2017-03-09 (plugin)
• Jenkins Security Advisory 2017-03-07 (plugin)
• Jenkins Security Advisory 2017-02-01 (core)

2016

• Jenkins Security Advisory 2016-11-16 (core)
• Jenkins Security Advisory 2016-07-27 (plugin)
• Jenkins Security Advisory 2016-06-20 (plugins)
• Jenkins Security Advisory 2016-05-11 (core)
• Jenkins Security Advisory 2016-04-11 (plugins)
• Jenkins Security Advisory 2016-02-24 (core)

2015

• Jenkins Security Advisory 2015-12-09 (core)
• Jenkins Security Advisory 2015-11-11 (core)
• Jenkins Security Advisory 2015-10-12 (plugin)
• Jenkins Security Advisory 2015-10-01 (other)
• Jenkins Security Advisory 2015-03-23 (core)
• Jenkins Security Advisory 2015-02-27 (core and plugins)

2014

• Jenkins Security Advisory 2014-10-30 (core)
• Jenkins Security Advisory 2014-10-15 (other)
• Jenkins Security Advisory 2014-10-01 (core and plugin)
• Jenkins Security Advisory 2014-02-14 (core)

2013

• Jenkins Security Advisory 2013-11-20 (plugins)
• Jenkins Security Advisory 2013-05-02 (core)
• Jenkins Security Advisory 2013-02-16 (core)
• Jenkins Security Advisory 2013-01-04 (core)

2012

• Jenkins Security Advisory 2012-11-20 (core)
• Jenkins Security Advisory 2012-09-17 (core and plugins)
• Jenkins Security Advisory 2012-03-05 (core)
• Jenkins Security Advisory 2012-01-24 (plugin)
• Jenkins Security Advisory 2012-01-12 (core)

2011

• Jenkins Security Advisory 2011-11-08 (core)
• Jenkins Security Advisory 2011-10-28 (plugin)
• Jenkins Security Advisory 2011-10-20 (plugin)

2010

• Hudson Security Advisory 2010-07-05 (core)