Jenkins 2.442 through 2.554 (both inclusive), LTS 2.426.3 through LTS …
Jenkins 2.442 through 2.554 (both inclusive), LTS 2.426.3 through LTS 2.541.2 (both inclusive) performs origin validation of requests made through the CLI WebSocket endpoint by computing the expected origin for comparison using the Host or X-Forwarded-Host HTTP request headers, making it vulnerable to DNS rebinding attacks that allow bypassing origin validation.
References
- Jenkins Security Advisory 2026-03-18 vendor-advisory
Affected products
- <2.541.*
- <2.426.3
- *
- <2.442
Matching in nixpkgs
pkgs.jenkins
Extendable open source continuous integration server
pkgs.jenkins-job-builder
Jenkins Job Builder is a system for configuring Jenkins jobs using simple YAML files stored in Git
pkgs.python312Packages.jenkinsapi
Python API for accessing resources on a Jenkins continuous-integration server
pkgs.python313Packages.jenkinsapi
Python API for accessing resources on a Jenkins continuous-integration server
pkgs.python314Packages.jenkinsapi
Python API for accessing resources on a Jenkins continuous-integration server
pkgs.python312Packages.python-jenkins
Python bindings for the remote Jenkins API
pkgs.python313Packages.python-jenkins
Python bindings for the remote Jenkins API
pkgs.python314Packages.python-jenkins
Python bindings for the remote Jenkins API
pkgs.python312Packages.jenkins-job-builder
Jenkins Job Builder is a system for configuring Jenkins jobs using simple YAML files stored in Git
pkgs.python313Packages.jenkins-job-builder
Jenkins Job Builder is a system for configuring Jenkins jobs using simple YAML files stored in Git
pkgs.python314Packages.jenkins-job-builder
Jenkins Job Builder is a system for configuring Jenkins jobs using simple YAML files stored in Git
Package maintainers
-
@NeQuissimus Tim Steinbach <tim@nequissimus.com>
-
@coreyoconnor Corey O'Connor <coreyoconnor@gmail.com>
-
@earldouglas James Earl Douglas <james@earldouglas.com>
-
@Bot-wxt1221 Bot-wxt1221 <3264117476@qq.com>
-
@invokes-su Souvik Sen <nixpkgs-commits@deshaw.com>
-
@drets Dmytro Rets <dmitryrets@gmail.com>
-
@de11n Elliot Cameron <nixpkgs-commits@deshaw.com>
-
@gador Florian Brandes <florian.brandes@posteo.de>
-
@despsyched Priyanshu Tripathi <priyanshu.tripathi@deshaw.com>