Jenkins Security Advisory 2023-05-16
Affects plugin: Ansible Affects plugin: AppSpider Affects plugin: Azure VM Agents Affects plugin: CAS Affects plugin: Code Dx Affects plugin: Email Extension Affects plugin: File Parameter Affects plugin: HashiCorp Vault Affects plugin: LDAP Affects plugin: LoadComplete support Affects plugin: NS-ND Integration Performance Publisher Affects plugin: Pipeline Utility Steps Affects plugin: Pipeline: Job Affects plugin: Reverse Proxy Auth Affects plugin: SAML Single Sign On(SSO) Affects plugin: Sidebar Link Affects plugin: Tag Profiler Affects plugin: TestComplete support Affects plugin: TestNG Results Affects plugin: wso2id-oauth
Details
Original advisory: https://www.jenkins.io/security/advisory/2023-05-16/
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2023-329770.59% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 44% of all scored CVEs.
- Low exploitation riskCVE-2023-329780.30% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 22% of all scored CVEs.
- Low exploitation riskCVE-2023-329790.50% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 39% of all scored CVEs.
- Low exploitation riskCVE-2023-329800.37% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 29% of all scored CVEs.
- Moderate exploitation riskCVE-2023-329811.0% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 59% of all scored CVEs.
- Low exploitation riskCVE-2023-329820.38% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 30% of all scored CVEs.
- Low exploitation riskCVE-2023-329830.38% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 30% of all scored CVEs.
- Low exploitation riskCVE-2023-329840.46% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 37% of all scored CVEs.
- Exploitation likely imminentCVE-2023-32985EPSS puts this in the most-targeted tier (72.4% 30-day exploitation probability). Prioritize alongside KEV items. Riskier than 99% of all scored CVEs.
- Exploitation likely imminentCVE-2023-32986EPSS puts this in the most-targeted tier (60.7% 30-day exploitation probability). Prioritize alongside KEV items. Riskier than 99% of all scored CVEs.
Referenced CVEs
More from Jenkins Security Advisories
- unknownJenkins Security Advisory 2026-06-242026-06-24
- unknownJenkins Security Advisory 2026-06-102026-06-10
- unknownJenkins Security Advisory 2026-05-272026-05-27
- unknownJenkins Security Advisory 2026-04-292026-04-29
- unknownJenkins Security Advisory 2026-03-182026-03-18