Source:
https://jenkins.io/security/advisory/2020-02-12/
Fortunately, neither of the two plugins affected by RCE has a high install count.
https://github.com/jenkinsci/radargun-plugin/commit/63aba3b31d1a8ea140f26923eb48a25ef7f87e87
Let's look at the Google one.
The fix commit:
https://github.com/jenkinsci/google-kubernetes-engine-plugin/commit/365cfdd8b7b724ff871fba6239146f25024e96ae
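As with the RCE in the other plugin, both were fixed the same way:
However, when I went to install the plugin, I found that my old version of Jenkins would not let me install it.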