Jenkins Automation Server

The Jenkins project released Jenkins 2.57 and 2.46.2 (LTS) to address multiple vulnerabilities within the platform, including several critical cross-site request forgery vulnerabilities that could be used by hackers to create admin accounts, redirect users to malicious websites, restart servers, install plugins, change users’ API tokens, and modify configurations. The NJCCIC recommends all Jenkins Automation Server users and administrators review the Jenkins Security Advisory and apply the necessary updates.