Multiple vulnerabilities were identified in Jenkins. A remote attacker could exploit some of these vulnerabilities to trigger data manipulation, security restriction bypass, sensitive information disclosure and denial of service condition on the targeted system.

Security vulnerability is fixed in the following Jenkins versions:

• Jenkins weekly 2.528

• Jenkins LTS 2.516.3

More information on vulnerabilities and updates is available in Jenkins security bulletins – jenkins.io