myjenkins: Some installed plugins have security issues

Question

myjenkins: Some installed plugins have security issues

Closed this issue 7 years ago · 2 comments

Check on ${JENKINS_URL}/manage

Answer 1 · 2017-04-14T04:59:19.000Z

From https://wiki.jenkins-ci.org/display/JENKINS/Scriptler+Plugin

Older versions of this plugin may not be safe to use.
Please review the following warnings before using an older version:

Persistent cross-site scripting vulnerability

Any user can add Scriptler scripts to build configurations

Any Scriptler script can be executed as part of builds

Cross-site request forgery vulnerabilities in Scriptler script management

Arbitrary code execution vulnerability in rare circumstances

From https://wiki.jenkins-ci.org/display/JENKINS/Build+Flow+Plugin

Deprecated: Users should migrate to https://wiki.jenkins-ci.org/display/JENKINS/Pipeline+Plugin

Answer 2 · 2017-04-14T21:32:59.000Z

Fix via PR #195