Jenkins Enterprise and Operations Center < 2.249.31.0.1 / 2.277.3.1 DoS (CloudBees Security Advisory 2021-04-20)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.249.x prior to 2.249.31.0.1, or 2.x prior to 2.277.3.1. It is, therefore, affected by a denial of service vulnerability due to an issue with Winstone-Jetty. An unauthenticated, remote attacker can...

Critical Jenkins Server Vulnerability Could Leak Sensitive Information

Jenkins—a popular open-source automation server software—published an advisory on Monday concerning a critical vulnerability in the Jetty web server that could result in memory corruption and cause confidential information to be disclosed. Tracked as CVE-2019-17638, the flaw has a CVSS rating of...