Security consultant finds more than 100 Jenkins plugins have security flaws

An NCC Group security consultant has discovered that more than 100 Jenkins plugins have security flaws, ZDNet writes. Viktor Gazdag discovered the vulnerabilities over the span of 18 months, and although he contacted the developers behind the plugins, many of the flaws have not been fixed. According to Gazdag, it is likely that many of those plugins have since been abandoned by their creators, leaving no one to introduce changes.

Jenkins is an open-source automation server that developer teams use to run automated tests, and it offers continuous integration and deployment of new products. This Java-coded server is favoured by the enterprise sector. However, many of the plugins developers can use are open-source products created by third parties.
