Hello, Jenkins Community!
I’m currently addressing the recent CLI security vulnerability (SECURITY-3314) within our organization’s Jenkins setup. Unfortunately, upgrading Jenkins immediately is not feasible for us, so we are exploring the recommended workaround of disabling the CLI. However, our operations heavily rely on using the CLI over SSH, and completely disabling CLI functionalities would significantly impact our workflow.
Given this context, I’m seeking advice on a more targeted mitigation strategy. Specifically, would disabling only the CLI HTTP endpoint suffice to mitigate the risk associated with this security issue? Or is it necessary to disable SSH access to the Jenkins CLI as well to fully address the vulnerability?
We aim to maintain our operational capabilities without compromising security, and any guidance or insights from the community on effectively managing this situation would be greatly appreciated.
Thank you in advance for your support and recommendations.