Jenkins Security Advisory 2023-07-26
Affects Jenkins Core Affects plugin: Bazaar Affects plugin: Chef Identity Affects plugin: GitLab Authentication Affects plugin: Gradle Affects plugin: Qualys Web App Scanning Connector Affects plugin: ServiceNow DevOps
Details
Original advisory: https://www.jenkins.io/security/advisory/2023-07-26/
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2023-391510.86% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 54% of all scored CVEs.
- Low exploitation riskCVE-2023-391520.64% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 46% of all scored CVEs.
- Low exploitation riskCVE-2023-391530.61% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 45% of all scored CVEs.
- Low exploitation riskCVE-2023-34140.36% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 28% of all scored CVEs.
- Low exploitation riskCVE-2023-34420.60% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 44% of all scored CVEs.
- Low exploitation riskCVE-2023-391540.48% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 38% of all scored CVEs.
- Low exploitation riskCVE-2023-391550.43% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 34% of all scored CVEs.
- Low exploitation riskCVE-2023-391560.26% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 17% of all scored CVEs.
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2023-39151 | coverage & exploitation status | NVD · CVE.org |
| CVE-2023-39152 | coverage & exploitation status | NVD · CVE.org |
| CVE-2023-39153 | coverage & exploitation status | NVD · CVE.org |
| CVE-2023-3414 | coverage & exploitation status | NVD · CVE.org |
| CVE-2023-3442 | coverage & exploitation status | NVD · CVE.org |
| CVE-2023-39154 | coverage & exploitation status | NVD · CVE.org |
| CVE-2023-39155 | coverage & exploitation status | NVD · CVE.org |
| CVE-2023-39156 | coverage & exploitation status | NVD · CVE.org |
More from Jenkins Security Advisories
- unknownJenkins Security Advisory 2026-06-242026-06-24
- unknownJenkins Security Advisory 2026-06-102026-06-10
- unknownJenkins Security Advisory 2026-05-272026-05-27
- unknownJenkins Security Advisory 2026-04-292026-04-29
- unknownJenkins Security Advisory 2026-03-182026-03-18