Jenkins Security Advisory: 7 Plugin Vulnerabilities (XSS, Deserialization, Path Traversal)
Security AdvisorySA-CORE-2026-04-29HighJenkins
Affected:
- Script Security Plugin (<= 1399.ve6a_6654776e1)
- Credentials Binding Plugin (<= 719.v80e905ef14eb_)
- Matrix Authorization Strategy Plugin (2.0-beta-1 to 3.2.9)
- GitHub Branch Source Plugin (<= 1967.vedea_d580c1a_b_a)
- GitHub Plugin (<= 1.46.0)
Fixed in:
- Script Security Plugin 1402.v94c9ce464861
- Credentials Binding Plugin 720.v36fdecfe43ea_
- Matrix Authorization Strategy Plugin 3.2.10
- GitHub Branch Source Plugin 1967.1969.v205fd594c821
- GitHub Plugin 1.46.0.1
参照 CVE: CVE-2026-42525
文章内图片已隐藏以节省流量 · 升级 Pro 后可见图片及离线存档
本文由本平台从 www.jenkins.io 自动抓取,经 LLM 流水线清洗、双语翻译。版权归原作者。查看原文。