Software Security News

The latest software security stories, summarized by AI

"Urgent Patch Required for Critical Jenkins Vulnerability"

Jenkins has resolved nine security flaws, including a critical bug (CVE-2024-23897) that could lead to remote code execution (RCE) through its built-in command line interface (CLI). Attackers could exploit this vulnerability to read arbitrary files on the Jenkins controller file system, potentially leading to various attacks. The flaw has been fixed in Jenkins 2.442, LTS 2.426.3, and a short-term workaround is recommended until the patch can be applied. This comes after Jenkins addressed severe security vulnerabilities last year.

2 years ago•Source: The Hacker News

GitHub Rotates Keys to Address High-Severity Vulnerability

software-security

1.52 min•2 years ago

GitHub Rotates Keys to Address High-Severity Vulnerability

GitHub has rotated some keys, including the commit signing key and customer encryption keys, in response to a high-severity vulnerability (CVE-2024-0200) that could potentially expose credentials within a production container. The vulnerability, also present on GitHub Enterprise Server, requires an authenticated user with an organization owner role to be logged in for exploitation. GitHub has also addressed another high-severity bug (CVE-2024-0507) that could allow privilege escalation via command injection.

via The Hacker News