Secure Jenkins version

ID

unsecured_jenkins_version

Severity

high

Family

CI/CD tools

Tags

cicd-sec-07, cicd-security, infrastructure, reachable, security, supply-chain

Description

This detector will report an issue if an instance of Jenkins is running a version that is affected by any vulnerability.

Security

Running a vulnerable Jenkins version could lead to software supply chain attacks that compromise the company's data or systems by infecting legitimate applications.

Mitigation / Fix

Update the Jenkins server instance to a secure version.