Jenkins, the open-source automation server used for continuous integration and delivery, has a critical security vulnerability that could allow attackers to execute arbitrary code on affected systems. The vulnerability, assigned CVE-2023-4567, is due to inadequate input validation in the Jenkins code and affects all versions before 2.303.1 LTS and 2.307.3 LTS.
Jenkins has released a security advisory, recommending immediate upgrades to the latest version to secure installations. Users who are unable to upgrade immediately can follow the provided workaround. Jenkins emphasizes the severity of the vulnerability and the need for immediate action to prevent exploitation.
Source: The Hacker News
To mitigate potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA www.infrascan.net or you can try your self using check.website.