March 22, 2023, 12:05 p.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news


The Jenkins project team has mitigated a chain of high-severity vulnerabilities in Jenkins, the open-source automation server that supports the software development lifecycle, and in its Update Center.


The Aqua Nautilus Research team first discovered and reported the flaws, which lie in how Jenkins processed available plug-ins, and explained how adversaries could exploit them through cross-site scripting and remote code execution attacks.


The research team, which dubbed the vulnerabilities CorePlague, explained that attackers could exploit the flaws even if the …
