jenkins
Safeguard articles tagged "jenkins" — guides, analysis, and best practices for software supply chain and application security.
15 articles
Jenkins CLI Arbitrary File Read (CVE-2024-23897) Explained
CVE-2024-23897 turned a convenience feature in Jenkins' CLI argument parser into an arbitrary file read that can escalate to full RCE. Here's the mechanism and the fix.
Jenkins Pipeline Security: Hardening the Controller and Your Builds
Jenkins is a favorite target because the controller holds every credential and runs arbitrary Groovy. This guide covers CVE-2024-23897, the plugin attack surface, credential handling, ephemeral agents, and adding scanning.
Jenkins Supply Chain Security Baseline 2026
A 2026 supply chain security baseline for Jenkins: plugin hygiene, agent isolation, Pipeline-as-Code discipline, credentials, and provenance integration.
CVE-2024-23897 Jenkins CLI File Read Deep Dive
CVE-2024-23897 is a Jenkins CLI arbitrary file-read flaw that leaks secrets and enables RCE chains. Root cause, exploitation, and patch guidance.
Jenkins CLI Java Deserialization Remote Code Execution (C...
CVE-2017-1000353 let attackers gain unauthenticated RCE on Jenkins via CLI Java deserialization. Here's the impact, timeline, and how to remediate it.
Jenkins Remote Code Execution via Groovy Metaclass (CVE-2...
CVE-2016-0792 let attackers bypass Jenkins' deserialization blacklist using Groovy's metaclass to achieve unauthenticated remote code execution via the CLI.
Jenkins CLI Deserialization RCE via Commons-Collections G...
CVE-2015-8103: unauthenticated RCE in Jenkins CLI via a Commons-Collections deserialization gadget chain. Impact, timeline, and remediation.
Jenkins Script Security Sandbox Bypass Leading to RCE (CV...
CVE-2019-1003029 let attackers escape the Jenkins Script Security sandbox and execute arbitrary code via crafted Groovy pipeline scripts.
Jenkins Arbitrary File Read via Crafted CLI Command (CVE-...
CVE-2018-1999002 let attackers read arbitrary files from Jenkins masters via crafted requests to the Stapler framework, exposing secrets and credentials.
How Snyk integrates with Jenkins to fail builds on new vu...
A mechanical look at how the Snyk Jenkins plugin scans manifests, applies severity thresholds, and turns newly disclosed vulnerabilities into failed builds.
CVE-2025-47884 in Jenkins OpenID Connect Provider: Patch Posture & SBOM Response
Jenkins OIDC Provider plugin token impersonation scored CVSS 9.1. Defender playbook for CI/CD identity infrastructure.
Jenkins + Maven Integration Security
Jenkins is still the most common Maven build driver in enterprise Java shops. It is also where most supply chain incidents start. Here is what to change before it becomes your problem.