New research from CyberArk finds a critical flaw in Jenkins servers that can allow an attacker to log in as an administrator. Jenkins is an open source Java server tool that is widely used in DevOps. CyberArk researchers first identified the problem, CVE-2018-1999001, which allowed attackers to provide crafted login credentials that would cause Jenkins to move the startup configuration file (config.xml) out of the Jenkins home directory. CyberArk also found a second bug that will crash the Java virtual machine due to low memory.

