Excessive Expansion Vulnerabilities Leave Jenkins Servers Open to Attacks

Sonar’s Vulnerability Research Team has discovered security vulnerabilities in Jenkins, the open-source CI/CD software. The Jenkins Security team was notified of the reported issues in November 2023; the vendor confirmed them the same month and fixed them in January 2024.

Source: HackRead


