A critical vulnerability in the Jetty web server could result in memory corruption and the disclosure of confidential information. The flaw has a CVSS rating of 9.4 and affects Jetty and Jenkins Core. Jenkins users are advised to update their software to the latest version to mitigate the flaw. After the security implications were disclosed, the vulnerability was addressed in Jetty 9.30.v20200611, released last month. Jenkins has patched the flaw in its utility in Jenkins 2.243 and Jenkins LTS 2.235.5, released yesterday.
Source: https://thehackernews.com/2020/08/jenkins-server-vulnerability.html

