Unable to mitigate Jenkins Vulnerability - Jenkins plugins Multiple Vulnerabilities (2022-02-15)

bharath1 · June 13, 2025, 11:09am

I am scanning my Jenkins server using Nessus tool to find any vulnerabilities. According the vulnerability report there is one vulnerability Jenkins plugins Multiple Vulnerabilities (2022-02-15) which I am not able to find a fix and it has a severity level high.

I am running Jenkins with all plugins updated to the latest version and I have even uninstalled some of the deprecated plugins.. But I still don’t know where the problem is. Any support on this is really helpful.

Jenkins setup:
Jenkins: 2.504.1
OS: Linux - 6.8.0-60-generic
Java: 17.0.15 - Ubuntu (OpenJDK 64-Bit Server VM)

ant:513.vde9e7b_a_0da_0f
antisamy-markup-formatter:173.v680e3a_b_69ff3
apache-httpcomponents-client-4-api:4.5.14-269.vfa_2321039a_83
asm-api:9.8-135.vb_2239d08ee90
authentication-tokens:1.131.v7199556c3004
bootstrap5-api:5.3.5-1
bouncycastle-api:2.30.1.80-261.v00c0e2618ec3
branch-api:2.1217.v43d8b_b_d8b_2c7
build-timeout:1.38
caffeine-api:3.2.0-166.v72a_6d74b_870f
checks-api:370.vb_61a_c57328f3
cloudbees-folder:6.1023.v4fcb_72152519
command-launcher:123.v37cfdc92ef67
commons-lang3-api:3.17.0-87.v5cf526e63b_8b_
commons-text-api:1.13.1-176.v74d88f22034b_
credentials:1415.v831096eb_5534
credentials-binding:687.v619cb_15e923f
data-tables-api:2.2.2-1
display-url-api:2.209.v582ed814ff2f
docker-commons:457.v0f62a_94f11a_3
docker-workflow:621.va_73f881d9232
durable-task:587.v84b_877235b_45
echarts-api:5.6.0-4
eddsa-api:0.3.0.1-19.vc432d923e5ee
email-ext:1876.v28d8d38315b_d
emailext-template:233.v1eb_88fc160b_5
external-monitor-job:223.vb_fddcf42c9b_3
font-awesome-api:6.7.2-1
generic-webhook-trigger:2.3.1
git:5.7.0
git-client:6.1.3
git-server:137.ve0060b_432302
github:1.43.0
github-api:1.321-488.v9b_c0da_9533f8
github-branch-source:1822.v9eec8e5e69e3
gradle:2.15
gson-api:2.13.1-139.v4569c2ef303f
hashicorp-vault-pipeline:1.4
hashicorp-vault-plugin:371.v884a_4dd60fb_6
instance-identity:203.v15e81a_1b_7a_38
ionicons-api:88.va_4187cb_eddf1
jackson2-api:2.18.3-402.v74c4eb_f122b_2
jakarta-activation-api:2.1.3-2
jakarta-mail-api:2.1.3-2
javadoc:327.vdfe586651ee0
javax-activation-api:1.2.0-8
javax-mail-api:1.6.2-11
jaxb:2.3.9-133.vb_ec76a_73f706
jdk-tool:83.v417146707a_3d
jjwt-api:0.11.5-120.v0268cf544b_89
joda-time-api:2.14.0-127.v7d9da_295a_d51
jquery:1.12.4-3
jquery3-api:3.7.1-3
jsch:0.2.16-95.v3eecb_55fa_b_78
json-api:20250517-153.vc8a_a_d87c0ce3
json-path-api:2.9.0-148.v22a_7ffe323ce
junit:1335.v6b_a_a_e18534e1
ldap:780.vcb_33c9a_e4332
lockable-resources:1349.v8b_ccb_c5487f7
mailer:489.vd4b_25144138f
mapdb-api:1.0.9-44.va_1e1310c9118
matrix-auth:3.2.6
matrix-project:849.v0cd64ed7e531
metrics:4.2.32-476.v5042e1c1edd7
mina-sshd-api-common:2.15.0-161.vb_200831a_c15b_
mina-sshd-api-core:2.15.0-161.vb_200831a_c15b_
naginator:1.504.vfc3736332f16
okhttp-api:4.11.0-189.v976fa_d3379d6
pam-auth:1.12
pipeline-build-step:567.vea_ce550ece97
pipeline-github:2.8-162.382498405fdc
pipeline-graph-analysis:241.vc3d48fb_b_2582
pipeline-groovy-lib:752.vdddedf804e72
pipeline-input-step:527.vd61b_1d3c5078
pipeline-milestone-step:138.v78ca_76831a_43
pipeline-model-api:2.2255.v56a_15e805f12
pipeline-model-definition:2.2255.v56a_15e805f12
pipeline-model-extensions:2.2255.v56a_15e805f12
pipeline-rest-api:2.38
pipeline-stage-step:322.vecffa_99f371c
pipeline-stage-tags-metadata:2.2255.v56a_15e805f12
pipeline-stage-view:2.38
plain-credentials:195.vb_906e9073dee
plugin-util-api:6.1.0
resource-disposer:0.25
run-condition:243.v3c3f94e46a_8b_
scm-api:704.v3ce5c542825a_
script-security:1373.vb_b_4a_a_c26fa_00
snakeyaml-api:2.3-125.v4d77857a_b_402
ssh-agent:386.v36cc0c7582f0
ssh-credentials:355.v9b_e5b_cde5003
ssh-slaves:3.1031.v72c6b_883b_869
ssh-steps:2.0.79.v1d1b_5f76dda_8
sshd:3.353.v2b_d33c46e970
structs:350.v3b_30f09f2363
subversion:1287.vd2d507146906
support-core:1725.va_2a_9f06eed61
text-finder:1.31
timestamper:1.29
token-macro:444.v52de7e9c573d
trilead-api:2.209.v0e69b_c43c245
variant:70.va_d9f17f859e0
workflow-aggregator:608.v67378e9d3db_1
workflow-api:1373.v7b_813f10efa_b_
workflow-basic-steps:1079.vce64b_a_929c5a_
workflow-cps:4106.v7a_8a_8176d450
workflow-durable-task-step:1405.v1fcd4a_d00096
workflow-job:1532.va_9a_d244074a_3
workflow-multibranch:806.vb_b_688f609ee9
workflow-scm-step:437.v05a_f66b_e5ef8
workflow-step-api:700.v6e45cb_a_5a_a_21
workflow-support:968.v8f17397e87b_8
ws-cleanup:0.48

bpedersen2 · June 16, 2025, 2:55pm

Just check: Jenkins Security Advisory 2022-02-15

(And the best solution is of course to just keep jenkins up to date…)

Topic		Replies	Views
How to resolve log4j vulnerabilities Ask a question	2	2334	January 21, 2022
Warnings plugin release 12.3.0 breaks our builds Using Jenkins	3	67	March 12, 2025
Jenkins Warnings Using Jenkins	3	956	March 28, 2023
Mitigating CVE-2023-27898 XSS vulnerability in plugin manager and related Ask a question question , sig-security	1	934	March 16, 2023
Confirm vulnerability resolved in version 2.462.3 Ask a question	3	56	February 10, 2025

Unable to mitigate Jenkins Vulnerability - Jenkins plugins Multiple Vulnerabilities (2022-02-15)

Jenkins setup: Jenkins: 2.504.1 OS: Linux - 6.8.0-60-generic Java: 17.0.15 - Ubuntu (OpenJDK 64-Bit Server VM)

Related topics

Jenkins setup:
Jenkins: 2.504.1
OS: Linux - 6.8.0-60-generic
Java: 17.0.15 - Ubuntu (OpenJDK 64-Bit Server VM)