Serial number: AV26-629
Date: June 24, 2026
On June 24, 2026, Jenkins published a security advisory to address vulnerabilities in the following products:
- Assembla Plugin – versions prior to 1.4
- External Workspace Manager Plugin – versions prior to 1.3.2
- OWASP ZAP Plugin – versions prior to 1.0.7
- Script Security Plugin – versions prior to 1402.v94c9ce464861

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

- XXE vulnerability in Assembla Plugin
- Path traversal vulnerability in External Workspace Manager Plugin
- Builds executed on the Jenkins controller by OWASP ZAP Plugin can lead to RCE
- Script security bypass vulnerability in Script Security Plugin
- Sandbox bypass vulnerability in Script Security Plugin
- Jenkins Security Advisories