Liraz Siri's picture

Existing deployments of TurnKey Jenkins are still vulnerable to CVE-2015-8103, a critical issue that allows remote code execution by unauthenticated users.

Due to the seriousness of the issue new builds of TurnKey Jenkins have been published today so new deployments are not vulnerable.

Unfortunately pre-existing deployments still need to be updated manually:

https://www.turnkeylinux.org/blog/jenkins-remote-code-execution

Cheers,
Liraz Siri
TunKey GNU/Linux
GnuPG KeyID: 0xB06780D9
Fingerprint: 1B4D 4827 A06E 440F 74B8 8334 6DEC 96D3 B067 80D9
Cell: +972 54-201-3512