Jenkins Server Cross-Site Scripting (XSS) Vulnerability (CVE-2023-27898)

Researchers from Aqua Nautilus have identified a series of flaws in the widely used Jenkins Server and Update Center that they have termed CorePlague (CVE-2023-27898 and CVE-2023-27905). An unauthenticated attacker might be able to execute arbitrary code on the victim’s Jenkins server by exploiting these vulnerabilities. Successful exploitation could result in a complete compromise of …