Secure Jenkins version

ID

unsecured_jenkins_version

Severity

high

Family

CI/ CD tools

Tags

asvs50-v12.1.1, asvs50-v13.1.1, cicd-sec-07, cicd-security, infrastructure, reachable, security, spvs10-v3.1.1, spvs10-v5.3.1, supply-chain

Description

This detector will report an issue if an instance of Jenkins is running a version that is affected by any vulnerability.

Security

Running a vulnerable Jenkins versions could lead to Software Supply Chain attacks that compromises company’s data or system by infecting legitimate applications.

Mitigation / Fix

Update Jenkins server instance to a secure version.