Vulnerabilities in Jenkins plug-ins jeopardize development environments

Updated versions of several Jenkins plug-ins close multiple security vulnerabilities.



Under certain conditions, attackers can exploit vulnerabilities in Jenkins plug-ins to attack software development servers. The affected plug-ins include Azure Service Fabric and Zoom.

The developers list the vulnerable plug-ins in a security advisory. The vulnerabilities in Bitbucket Server Integration (CVE-2025-24398) and OpenId Connect Authentication (CVE-2025-24399) are rated as "high" severity.


After a successful attack, attackers can, among other things, deactivate the protection against cross-site request forgery (CSRF) via crafted URLs. It is also possible to access tokens that are stored unencrypted. The patched plug-in versions are listed in the advisory.
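A quick way to find out whether an instance runs any of the plug-ins named here is to read the plug-in inventory that Jenkins exposes at `/pluginManager/api/json?depth=1` and compare it against the advisory. The script below is an added example written for this page, not code from Jenkins or the plug-in authors. The plug-in short names (update-center IDs) are assumptions and should be verified against your own instance, the sample JSON is constructed with made-up version numbers, and the fixed versions to compare against must be taken from the advisory itself.

```python
import base64
import json
import urllib.request
from typing import Dict, List

# Assumed update-center IDs for the four plug-ins named in the article.
# Verify them in Manage Jenkins > Plugins before relying on this mapping.
AFFECTED_PLUGIN_IDS: Dict[str, str] = {
    "atlassian-bitbucket-server-integration": "Bitbucket Server Integration (CVE-2025-24398)",
    "oic-auth": "OpenId Connect Authentication (CVE-2025-24399)",
    "service-fabric": "Azure Service Fabric",
    "zoom": "Zoom",
}

# Constructed sample of a /pluginManager/api/json?depth=1 response, trimmed to
# the fields used below. The version strings are placeholders, not real releases.
SAMPLE_PLUGIN_API = json.dumps({
    "_class": "hudson.LocalPluginManager",
    "plugins": [
        {"shortName": "git", "version": "1.0", "active": True, "enabled": True},
        {"shortName": "oic-auth", "version": "2.0", "active": True, "enabled": True},
        {"shortName": "zoom", "version": "3.0", "active": False, "enabled": False},
        {"shortName": "atlassian-bitbucket-server-integration",
         "version": "4.0", "active": True, "enabled": True},
    ],
})


def find_affected(plugin_api_json: str) -> List[Dict[str, object]]:
    """Return every installed plug-in from the affected set, with its version
    and whether it is enabled, sorted by plug-in ID. An empty or malformed
    inventory yields an empty list rather than an exception."""
    try:
        data = json.loads(plugin_api_json)
    except json.JSONDecodeError:
        return []
    hits = []
    for plugin in data.get("plugins", []) if isinstance(data, dict) else []:
        short_name = plugin.get("shortName")
        if short_name in AFFECTED_PLUGIN_IDS:
            hits.append({
                "id": short_name,
                "name": AFFECTED_PLUGIN_IDS[short_name],
                "version": str(plugin.get("version", "unknown")),
                "enabled": bool(plugin.get("enabled", False)),
            })
    return sorted(hits, key=lambda h: h["id"])


def report(plugin_api_json: str) -> str:
    """Render the findings as one line per plug-in, for pasting into a ticket."""
    hits = find_affected(plugin_api_json)
    if not hits:
        return "none of the listed plug-ins is installed"
    lines = []
    for h in hits:
        state = "enabled" if h["enabled"] else "disabled"
        lines.append(f"{h['name']}: version {h['version']} ({state}) - compare with advisory")
    return "\n".join(lines)


def fetch_plugin_api(base_url: str, user: str, api_token: str) -> str:
    """Fetch the live inventory with HTTP basic auth (user + Jenkins API token).
    Not called in the offline demo; base_url is e.g. https://jenkins.example.com."""
    req = urllib.request.Request(base_url.rstrip("/") + "/pluginManager/api/json?depth=1")
    creds = base64.b64encode(f"{user}:{api_token}".encode()).decode()
    req.add_header("Authorization", "Basic " + creds)
    with urllib.request.urlopen(req, timeout=15) as resp:
        return resp.read().decode("utf-8")


if __name__ == "__main__":
    # Offline demo on the constructed sample; swap in fetch_plugin_api(...) for a real instance.
    print(report(SAMPLE_PLUGIN_API))
```

Disabled plug-ins are still reported: a disabled plug-in keeps its JAR on disk and can be re-enabled without a fresh install, so it should be updated or removed rather than ignored.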

(des)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.