Jenkins Security Advisory 2023-01-24
Affects plugin: BearyChat Affects plugin: Bitbucket OAuth Affects plugin: Cisco Spark Notifier Affects plugin: Gerrit Trigger Affects plugin: GitHub Pull Request Builder Affects plugin: GitHub Pull Request Coverage Status Affects plugin: JIRA Pipeline Steps Affects plugin: Keycloak Authentication Affects plugin: Kubernetes Credentials Provider Affects plugin: Microsoft Entra ID (previously Azure AD) Affects plugin: MSTest Affects plugin: OpenID Affects plugin: OpenId Connect Authentication Affects plugin: Orka by MacStadium Affects plugin: PWauth Security Realm Affects plugin: RabbitMQ Consumer Affects plugin: Script Security Affects plugin: Semantic Versioning Affects plugin: TestComplete support Affects plugin: TestQuality Updater Affects plugin: view-cloner Affects plugin: visualexpert
Details
Original advisory: https://www.jenkins.io/security/advisory/2023-01-24/
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2023-244220.58% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 44% of all scored CVEs.
- Low exploitation riskCVE-2023-244230.49% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 39% of all scored CVEs.
- Moderate exploitation riskCVE-2023-244241.2% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 64% of all scored CVEs.
- Low exploitation riskCVE-2023-244250.82% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 53% of all scored CVEs.
- Moderate exploitation riskCVE-2023-244261.0% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 59% of all scored CVEs.
- Moderate exploitation riskCVE-2023-244271.1% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 61% of all scored CVEs.
- Low exploitation riskCVE-2023-244280.48% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 38% of all scored CVEs.
- Moderate exploitation riskCVE-2023-244291.3% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 67% of all scored CVEs.
- Moderate exploitation riskCVE-2023-244301.3% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 67% of all scored CVEs.
- Low exploitation riskCVE-2023-244310.62% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 45% of all scored CVEs.
Referenced CVEs
More from Jenkins Security Advisories
- unknownJenkins Security Advisory 2026-06-242026-06-24
- unknownJenkins Security Advisory 2026-06-102026-06-10
- unknownJenkins Security Advisory 2026-05-272026-05-27
- unknownJenkins Security Advisory 2026-04-292026-04-29
- unknownJenkins Security Advisory 2026-03-182026-03-18