{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/script-security-plugin/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Credentials Binding Plugin","GitHub Plugin","GitHub Branch Source Plugin","HTML Publisher Plugin","Matrix Authorization Strategy Plugin","Microsoft Entra ID (previously Azure AD) Plugin","Script Security Plugin"],"_cs_severities":["medium"],"_cs_tags":["jenkins","vulnerability","plugin"],"_cs_type":"advisory","_cs_vendors":["Jenkins","GitHub","Microsoft"],"content_html":"\u003cp\u003eOn April 29, 2026, Jenkins issued a security advisory (AV26-403) addressing vulnerabilities across several plugins. These vulnerabilities affect Credentials Binding Plugin (version 719.v80e905ef14eb_ and prior), GitHub Plugin (version 1.46.0 and prior), GitHub Branch Source Plugin (version 1967.vdea_d580c1a_b_a_ and prior), HTML Publisher Plugin (version 427 and prior), Matrix Authorization Strategy Plugin (versions 2.0-beta-1 to 3.2.9), Microsoft Entra ID (previously Azure AD) Plugin (version 666.v6060de32f87d and prior), and Script Security Plugin (version 1399.ve6a_66547f6e1 and prior). The advisory emphasizes the importance of applying the necessary updates to mitigate potential risks. This broad range of affected plugins highlights the need for Jenkins administrators to promptly review and implement the provided security measures. The Cyber Centre encourages users to review the advisory.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003cp\u003eGiven the nature of the advisory, a generic attack chain is described below. Specific steps depend on the exploited vulnerability in each plugin.\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a vulnerable Jenkins plugin version.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious request targeting a specific endpoint of the vulnerable plugin.\u003c/li\u003e\n\u003cli\u003eThe request exploits a vulnerability, such as arbitrary code execution, authentication bypass, or cross-site scripting (XSS).\u003c/li\u003e\n\u003cli\u003eThe Jenkins server processes the malicious request, leading to unauthorized code execution.\u003c/li\u003e\n\u003cli\u003eThe attacker gains access to sensitive information, such as credentials stored within Jenkins.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the compromised credentials to access other systems or escalate privileges within the Jenkins environment.\u003c/li\u003e\n\u003cli\u003eThe attacker modifies build configurations to inject malicious code into software builds.\u003c/li\u003e\n\u003cli\u003eThe attacker compromises software builds and injects malicious code, impacting downstream users of the software.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of these vulnerabilities could lead to unauthorized access to sensitive information, arbitrary code execution on the Jenkins server, and compromise of software builds. This can result in supply chain attacks, data breaches, and reputational damage. The scope of impact depends on the specific vulnerabilities exploited and the access level obtained by the attacker. The Jenkins Security Advisory addresses vulnerabilities in multiple plugins, any of which, if exploited, could have significant impacts.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReview the Jenkins Security Advisory 2026-04-29 and identify vulnerable plugins in your environment.\u003c/li\u003e\n\u003cli\u003eUpdate the Credentials Binding Plugin to a version greater than 719.v80e905ef14eb_.\u003c/li\u003e\n\u003cli\u003eUpdate the GitHub Plugin to a version greater than 1.46.0.\u003c/li\u003e\n\u003cli\u003eUpdate the GitHub Branch Source Plugin to a version greater than 1967.vdea_d580c1a_b_a_.\u003c/li\u003e\n\u003cli\u003eUpdate the HTML Publisher Plugin to a version greater than 427.\u003c/li\u003e\n\u003cli\u003eUpdate the Matrix Authorization Strategy Plugin to a version greater than 3.2.9.\u003c/li\u003e\n\u003cli\u003eUpdate the Microsoft Entra ID (previously Azure AD) Plugin to a version greater than 666.v6060de32f87d.\u003c/li\u003e\n\u003cli\u003eUpdate the Script Security Plugin to a version greater than 1399.ve6a_66547f6e1.\u003c/li\u003e\n\u003cli\u003eMonitor Jenkins webserver logs (category \u003ccode\u003ewebserver\u003c/code\u003e, product \u003ccode\u003elinux\u003c/code\u003e) for suspicious activity and unauthorized access attempts after applying the updates.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-29T14:40:42Z","date_published":"2026-04-29T14:40:42Z","id":"/briefs/2026-04-jenkins-plugins/","summary":"Jenkins released a security advisory on April 29, 2026, detailing vulnerabilities in Credentials Binding Plugin, GitHub Plugin, GitHub Branch Source Plugin, HTML Publisher Plugin, Matrix Authorization Strategy Plugin, Microsoft Entra ID Plugin, and Script Security Plugin, urging users to apply necessary updates.","title":"Jenkins Security Advisory Addressing Multiple Plugin Vulnerabilities","url":"https://feed.craftedsignal.io/briefs/2026-04-jenkins-plugins/"}],"language":"en","title":"CraftedSignal Threat Feed — Script Security Plugin","version":"https://jsonfeed.org/version/1.1"}