Security Performance Management
Continuous Monitoring
Cyber Insurance
National Cybersecurity

Articles in this section

See more

Jenkins Misconfiguration Vulnerability

Avatar
Ingrid
Follow

Tracking Added February 7, 2018

Jenkins is an open source automation server used by software developers for continuous integration and delivery.

Vulnerability

Researchers have found close to one-fifth of Jenkins servers are misconfigured, and make it trivial for malicious actors to gain access to those systems. Since the product is typically linked to a code repository such as GitHub and a cloud environment such as AWS or Azure. Failure to configure the application correctly can create data security risks.[1]

See the Jenkins system administration website for information on securing Jenkins instances.[2]

Remediation

To see if a company in your portfolio is vulnerable, use the “Open Ports” filter in the Portfolio page.

References
  1. Security Week, “Misconfigured Jenkins Servers Leak Sensitive Data”
  2. Jenkins, “Securing Jenkins”

Related articles