On February 28, 2019, Alibaba Cloud Security discovered that exploitation methods for many Jenkins vulnerabilities had been published online, most of them for high-risk remote code execution (RCE) vulnerabilities. Attackers are using various types of worms to exploit these Jenkins RCE vulnerabilities more widely.
The following vulnerabilities have been exploited frequently: CVE-2019-1003000, CVE-2019-1003001, CVE-2015-5323, CVE-2015-1814, CVE-2016-0792, and CVE-2017-1000353. These vulnerabilities exist in multiple Jenkins versions and plug-ins.
Risk level: High
Policy-based protection: Cloud Firewall provides virtual patches for these vulnerabilities. We recommend that you enable Virtual Patches in Intrusion Prevention to defend against them.