{
  "document" : {
    "aggregate_severity" : {
      "text" : "hoch"
    },
    "category" : "csaf_base",
    "csaf_version" : "2.0",
    "distribution" : {
      "tlp" : {
        "label" : "WHITE",
        "url" : "https://www.first.org/tlp/"
      }
    },
    "lang" : "de-DE",
    "notes" : [ {
      "category" : "legal_disclaimer",
      "text" : "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen."
    }, {
      "category" : "description",
      "text" : "Jenkins ist ein erweiterbarer, webbasierter Integration Server zur kontinuierlichen Unterstützung bei Softwareentwicklungen aller Art.",
      "title" : "Produktbeschreibung"
    }, {
      "category" : "summary",
      "text" : "Ein Angreifer kann mehrere Schwachstellen in Jenkins ausnutzen, um beliebigen Programmcode auszuführen, sich als Benutzer auszugeben, Benutzer auf vom Angreifer kontrollierte Domänen umzuleiten, Sicherheitsmaßnahmen zu umgehen, Daten offenzulegen und zu manipulieren sowie Cross-Site-Scripting-Angriffe durchzuführen.",
      "title" : "Angriff"
    }, {
      "category" : "general",
      "text" : "- Sonstiges\n- UNIX\n- Windows",
      "title" : "Betroffene Betriebssysteme"
    } ],
    "publisher" : {
      "category" : "other",
      "contact_details" : "csaf-provider@cert-bund.de",
      "name" : "Bundesamt für Sicherheit in der Informationstechnik",
      "namespace" : "https://www.bsi.bund.de"
    },
    "references" : [ {
      "category" : "self",
      "summary" : "WID-SEC-W-2026-1884 - CSAF Version",
      "url" : "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1884.json"
    }, {
      "category" : "self",
      "summary" : "WID-SEC-2026-1884 - Portal Version",
      "url" : "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1884"
    }, {
      "category" : "external",
      "summary" : "Jenkins Security Advisory vom 2026-06-10",
      "url" : "https://www.jenkins.io/security/advisory/2026-06-10/"
    }, {
      "category" : "external",
      "summary" : "Exploit CVE-2026-53435 vom 2026-06-15",
      "url" : "https://x.com/DefusedCyber/status/2066446206285291526"
    } ],
    "source_lang" : "en-US",
    "title" : "Jenkins: Mehrere Schwachstellen",
    "tracking" : {
      "current_release_date" : "2026-06-15T22:00:00.000+00:00",
      "generator" : {
        "date" : "2026-06-16T06:54:55.210+00:00",
        "engine" : {
          "name" : "BSI-WID",
          "version" : "1.6.0"
        }
      },
      "id" : "WID-SEC-W-2026-1884",
      "initial_release_date" : "2026-06-10T22:00:00.000+00:00",
      "revision_history" : [ {
        "date" : "2026-06-10T22:00:00.000+00:00",
        "number" : "1",
        "summary" : "Initiale Fassung"
      }, {
        "date" : "2026-06-15T22:00:00.000+00:00",
        "number" : "2",
        "summary" : "Exploit aufgenommen CVE-2026-53435"
      } ],
      "status" : "final",
      "version" : "2"
    }
  },
  "product_tree" : {
    "branches" : [ {
      "branches" : [ {
        "branches" : [ {
          "category" : "product_version_range",
          "name" : "weekly <2.567",
          "product" : {
            "name" : "Jenkins Jenkins weekly <2.567",
            "product_id" : "T055271"
          }
        }, {
          "category" : "product_version",
          "name" : "weekly 2.567",
          "product" : {
            "name" : "Jenkins Jenkins weekly 2.567",
            "product_id" : "T055271-fixed",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:cloudbees:jenkins:weekly__2.567"
            }
          }
        }, {
          "category" : "product_version_range",
          "name" : "LTS <2.555.2",
          "product" : {
            "name" : "Jenkins Jenkins LTS <2.555.2",
            "product_id" : "T055272"
          }
        }, {
          "category" : "product_version",
          "name" : "LTS 2.555.2",
          "product" : {
            "name" : "Jenkins Jenkins LTS 2.555.2",
            "product_id" : "T055272-fixed",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:cloudbees:jenkins:lts__2.555.2"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "Jenkins"
      } ],
      "category" : "vendor",
      "name" : "Jenkins"
    } ]
  },
  "vulnerabilities" : [ {
    "cve" : "CVE-2026-53435",
    "product_status" : {
      "known_affected" : [ "T055272", "T055271" ]
    },
    "release_date" : "2026-06-10T22:00:00.000+00:00",
    "title" : "CVE-2026-53435"
  }, {
    "cve" : "CVE-2026-53436",
    "product_status" : {
      "known_affected" : [ "T055272", "T055271" ]
    },
    "release_date" : "2026-06-10T22:00:00.000+00:00",
    "title" : "CVE-2026-53436"
  }, {
    "cve" : "CVE-2026-53437",
    "product_status" : {
      "known_affected" : [ "T055272", "T055271" ]
    },
    "release_date" : "2026-06-10T22:00:00.000+00:00",
    "title" : "CVE-2026-53437"
  }, {
    "cve" : "CVE-2026-53438",
    "product_status" : {
      "known_affected" : [ "T055272", "T055271" ]
    },
    "release_date" : "2026-06-10T22:00:00.000+00:00",
    "title" : "CVE-2026-53438"
  }, {
    "cve" : "CVE-2026-53439",
    "product_status" : {
      "known_affected" : [ "T055272", "T055271" ]
    },
    "release_date" : "2026-06-10T22:00:00.000+00:00",
    "title" : "CVE-2026-53439"
  }, {
    "cve" : "CVE-2026-53440",
    "product_status" : {
      "known_affected" : [ "T055272", "T055271" ]
    },
    "release_date" : "2026-06-10T22:00:00.000+00:00",
    "title" : "CVE-2026-53440"
  }, {
    "cve" : "CVE-2026-53441",
    "product_status" : {
      "known_affected" : [ "T055272", "T055271" ]
    },
    "release_date" : "2026-06-10T22:00:00.000+00:00",
    "title" : "CVE-2026-53441"
  }, {
    "cve" : "CVE-2026-53442",
    "product_status" : {
      "known_affected" : [ "T055272", "T055271" ]
    },
    "release_date" : "2026-06-10T22:00:00.000+00:00",
    "title" : "CVE-2026-53442"
  } ]
}