Jenkins Security Advisory: 7 Plugin Vulnerabilities (XSS, Deserialization, Path Traversal)
Security AdvisorySA-CORE-2026-04-29HighJenkins
Affected:
- Script Security Plugin (<= 1399.ve6a_6654776e1)
- Credentials Binding Plugin (<= 719.v80e905ef14eb_)
- Matrix Authorization Strategy Plugin (2.0-beta-1 to 3.2.9)
- GitHub Branch Source Plugin (<= 1967.vedea_d580c1a_b_a)
- GitHub Plugin (<= 1.46.0)
Fixed in:
- Script Security Plugin 1402.v94c9ce464861
- Credentials Binding Plugin 720.v36fdecfe43ea_
- Matrix Authorization Strategy Plugin 3.2.10
- GitHub Branch Source Plugin 1967.1969.v205fd594c821
- GitHub Plugin 1.46.0.1
Referenced CVEs: CVE-2026-42525
文章内图片已隐藏以节省流量 · Upgrade to Pro to view images & offline archive
This content was auto-fetched from www.jenkins.io, cleaned by our LLM pipeline, and translated to English. View original.