Key information

Affected plugins

- Code Coverage Plugin
- Microsoft Entra ID (previously Azure AD) Plugin
- Nested View Plugin
- Nomad Plugin
- SAML Plugin

Vulnerability details

1. RCE vulnerability in Code Coverage Plugin
   - SEVERITY-2376 / CVE-2021-21677
   - Severity (CVSS): High
   - Affected version: 1.4.0 and earlier
2. SAML Plugin allows bypassing CSRF protection for any URL
   - SEVERITY-2469 / CVE-2021-21678
   - Severity (CVSS): High
   - Affected version: 2.0.7 and earlier
3. Microsoft Entra ID (previously Azure AD) Plugin allows bypassing CSRF protection for any URL
   - SEVERITY-2470 / CVE-2021-21679
   - Severity (CVSS): High
   - Affected version: 179.vf6841393099e and earlier
4. XXE vulnerability in Nested View Plugin
   - SEVERITY-2411 / CVE-2021-21680
   - Severity (CVSS): High
   - Affected version: 1.20 and earlier
5. Password stored in plain text by Nomad Plugin
   - SEVERITY-2396 / CVE-2021-21681
   - Severity (CVSS): Low
   - Affected version: 0.7.4 and earlier

Fix

- Update Code Coverage Plugin to version 1.4.1
- Update Microsoft Entra ID (previously Azure AD) Plugin to version 180.v8b1e80e6f242
- Update Nested View Plugin to version 1.21
- Update Nomad Plugin to version 0.7.5
- Update SAML Plugin to version 2.0.8