This issue was discovered during code review and reported to the maintainers. We will be fixing this issue in the next minor release (v2.5.4) and we strongly recommend to upgrade to the latest version. In the meantime, you can prevent this vulnerability from being exploited by following the recommendations below: Avoid uploading unsafe file types (e.g. .jpg, .png, .gif) or file types that are not accepted in your hosting environment.

Ensure that your uploaded files are properly encoded (e.g. .pdf, .doc, .xls, .txt).

Always use a secure connection (e.g. HTTPS) when uploading files to avoid man-in-the-middle attacks.

What is Jenkins?

Jenkins is a free and open source automation server that continuously runs tests, verifies software quality, and automates deployment of your applications.
Jenkins provides support for many languages, frameworks, and operating systems.
The Jenkins community has contributed more than 1,000 plugins to help automate build, test, deploy, and documentation processes.
Jenkins is used by Fortune 500 companies as well as organizations of all sizes.

Vulnerability details

The issue was discovered during code review and reported to the maintainers. We will be fixing this issue in the next minor release (v2.5.4) and we strongly recommend to upgrade to the latest version. In the meantime, you can prevent this vulnerability from being exploited by following the recommendations below: Avoid uploading unsafe file types (e.g. .jpg, .png, .gif) or file types that are not accepted in your hosting environment.
Ensure that your uploaded files are properly encoded (e.g. .pdf, .doc, .xls, .txt).
Always use a secure connection (e.g. HTTPS) when uploading files to avoid man-in-the-middle attacks.

Timeline

Published on: 10/14/2022 07:15:00 UTC
Last modified on: 10/15/2022 02:37:00 UTC

References