Safeguard
Tag

jenkins

Safeguard articles tagged "jenkins" — guides, analysis, and best practices for software supply chain and application security.

15 articles

Vulnerability Analysis

Jenkins CLI Arbitrary File Read (CVE-2024-23897) Explained

CVE-2024-23897 turned a convenience feature in Jenkins' CLI argument parser into an arbitrary file read that can escalate to full RCE. Here's the mechanism and the fix.

Jul 6, 20265 min read
DevSecOps

Jenkins Pipeline Security: Hardening the Controller and Your Builds

Jenkins is a favorite target because the controller holds every credential and runs arbitrary Groovy. This guide covers CVE-2024-23897, the plugin attack surface, credential handling, ephemeral agents, and adding scanning.

Jul 3, 20266 min read
DevSecOps

Jenkins Supply Chain Security Baseline 2026

A 2026 supply chain security baseline for Jenkins: plugin hygiene, agent isolation, Pipeline-as-Code discipline, credentials, and provenance integration.

Mar 28, 20266 min read
Vulnerability Analysis

CVE-2024-23897 Jenkins CLI File Read Deep Dive

CVE-2024-23897 is a Jenkins CLI arbitrary file-read flaw that leaks secrets and enables RCE chains. Root cause, exploitation, and patch guidance.

Feb 27, 20269 min read
DevSecOps

Jenkins CLI Java Deserialization Remote Code Execution (C...

CVE-2017-1000353 let attackers gain unauthenticated RCE on Jenkins via CLI Java deserialization. Here's the impact, timeline, and how to remediate it.

Nov 26, 20258 min read
DevSecOps

Jenkins Remote Code Execution via Groovy Metaclass (CVE-2...

CVE-2016-0792 let attackers bypass Jenkins' deserialization blacklist using Groovy's metaclass to achieve unauthenticated remote code execution via the CLI.

Nov 26, 20259 min read
DevSecOps

Jenkins CLI Deserialization RCE via Commons-Collections G...

CVE-2015-8103: unauthenticated RCE in Jenkins CLI via a Commons-Collections deserialization gadget chain. Impact, timeline, and remediation.

Nov 26, 20259 min read
DevSecOps

Jenkins Script Security Sandbox Bypass Leading to RCE (CV...

CVE-2019-1003029 let attackers escape the Jenkins Script Security sandbox and execute arbitrary code via crafted Groovy pipeline scripts.

Nov 25, 20258 min read
DevSecOps

Jenkins Arbitrary File Read via Crafted CLI Command (CVE-...

CVE-2018-1999002 let attackers read arbitrary files from Jenkins masters via crafted requests to the Stapler framework, exposing secrets and credentials.

Nov 25, 20258 min read
Product

How Snyk integrates with Jenkins to fail builds on new vu...

A mechanical look at how the Snyk Jenkins plugin scans manifests, applies severity thresholds, and turns newly disclosed vulnerabilities into failed builds.

Aug 16, 20257 min read
Vulnerability Response

CVE-2025-47884 in Jenkins OpenID Connect Provider: Patch Posture & SBOM Response

Jenkins OIDC Provider plugin token impersonation scored CVSS 9.1. Defender playbook for CI/CD identity infrastructure.

May 16, 20256 min read
DevSecOps

Jenkins + Maven Integration Security

Jenkins is still the most common Maven build driver in enterprise Java shops. It is also where most supply chain incidents start. Here is what to change before it becomes your problem.

Sep 8, 20247 min read
jenkins — Safeguard Blog