Jenkins CVE info

mahammad-azeem · June 25, 2024, 2:57am

Hi Team,
We are currently running Jenkins LTS version 2.387.3 on azure windows vm.
The security team in our organization has raised below CVE to be addressed Jenkins Security Advisory 2023-10-18

We are not using the --http2Port argument to java -jar jenkins.war or corresponding options in service configuration files.

Do we still need to plan upgrade to address these CVEs ?

Please confirm

Regards,
Azeem

mawinter69 · June 25, 2024, 7:16am

Not this specific CVE as you don’t use http2 but there are other more severe issues in the Jenkins version that you’re using (which is about 20 month old), e.g. the one described in Jenkins Security Advisory 2024-01-24

mahammad-azeem · August 15, 2024, 2:49am

thank you for update

Topic		Replies	Views
Info on Jenkins CVE Community	4	145	July 5, 2024
Upgrading Jenkins from LTS 2.387.3 to LTS 2.426.3 Ask a question question	6	618	April 30, 2024
Multiple security vulnerabilities in Jenkins 2.393 and earlier, LTS 2.375.3 and earlier Ask a question question	6	1469	March 12, 2023
Jenkins version Upgrade in RHEL 8.5 Using Jenkins	10	277	December 3, 2024
CVE-2024-23897 is vulnerable for jenkins 2.263.1 Using Jenkins question , jenkinsfile	3	641	February 1, 2024

Jenkins CVE info

Related topics