A zero-day vulnerability in Jenkins was published on Friday, November 11. Last
we provided an immediate mitigation
and today we are releasing updates to Jenkins which fix the vulnerability. We
strongly recommend you update Jenkins to 2.32 (main line) or 2.19.3 (LTS) as
soon as possible.
contains more information on the exploit, affected versions, and fixed
versions, but in short:
An unauthenticated remote code execution vulnerability allowed attackers to