Jenkins Server Vulnerabilities Chained for Remote Code Execution “The Unexpected Benefits of Working Remotely: How Working from Home Can Boost Your Career” “Discover the Unforeseen Advantages of Working From Home: Enhance Your Career with Remote Employment!”
Cybersecurity firm Aqua Security warns that two recently patched vulnerabilities affecting Jenkins servers, tracked as CVE-2023-27898 and CVE-2023-27905, can be chained together to achieve remote code execution. The first vulnerability is a high-severity XSS bug that affects Jenkins versions 2.270 through 2.393 and long-term support (LTS) releases 2.277.1 through 2.375.3. The vulnerability exists because Jenkins…