Multiple Jenkins Vulnerabilities: SAML Authentication Bypass And MCP Server Plugin Permission Checks

Source: Cyber Security News

The Jenkins Security Advisory 2025-10-29 identifies several vulnerabilities, including a high-severity replay attack in the SAML Plugin (CVE-2025-64131) and missing permission checks in the MCP Server Plugin (CVE-2025-64132). These issues can lead to unauthorized access and potential code execution by exploiting weaknesses in the CI/CD pipeline.

Additionally, other plugins exhibit medium-to-high severity flaws, including CSRF vulnerabilities and exposure of credentials, and for several of them no fix is available. The advisory stresses the need for immediate updates and vigilant monitoring, highlighting how unpatched instances in the Jenkins ecosystem can become part of exploit chains in corporate networks. The community's role in proactive disclosure is emphasized, aiming to bolster overall security in software development environments.

👉 Read the original: Cyber Security News