Multiple vulnerabilities in Jenkins servers could be used for crypto mining
Affected versions: Jenkins weekly up to and including 2.137 and Jenkins LTS up to and including 2.121.2.
CVE-2018-1999001 could potentially allow attackers to register on a Jenkins server as an administrator. This could expose sensitive data such as source code or allow attackers to modify software that is deployed using Jenkins.
CVE-2018-1999043 can allow attackers to create temporary user names which would allow them to log into Jenkins servers for a short period of time.
Cyber criminals have exploited Jenkins servers in the past: earlier this year, a group exploited CVE-2017-1000353 to install Monero mining malware on Jenkins servers around the globe.
CERT.be recommends that users always keep their systems up to date.
Updates can be found at: https://jenkins.io/download/
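
To check an inventory of Jenkins servers against the affected versions listed above, the following added example (not part of the original advisory) classifies version strings, treating three-part versions as LTS and two-part versions as weekly so that a patched LTS such as 2.121.3 is not flagged just because it is numerically below 2.137. The hostnames and the sample inventory are constructed for illustration.

```python
import re

# Last affected releases, as stated in the advisory above.
LAST_AFFECTED_WEEKLY = (2, 137)
LAST_AFFECTED_LTS = (2, 121, 2)

_VERSION_RE = re.compile(r"^\d+(\.\d+){1,2}$")


def parse_version(text):
    """Turn '2.121.2' into (2, 121, 2); raise ValueError on anything else."""
    text = text.strip()
    if not _VERSION_RE.match(text):
        raise ValueError(f"unrecognised Jenkins version: {text!r}")
    return tuple(int(part) for part in text.split("."))


def is_affected(version_text):
    """Return True if the version falls in the advisory's affected range."""
    version = parse_version(version_text)
    if len(version) == 3:  # LTS line, e.g. 2.121.2
        return version <= LAST_AFFECTED_LTS
    return version <= LAST_AFFECTED_WEEKLY  # weekly line, e.g. 2.137


def audit(inventory):
    """Map each host to 'affected', 'ok' or 'unknown' from its version."""
    report = {}
    for host, version_text in inventory.items():
        try:
            report[host] = "affected" if is_affected(version_text) else "ok"
        except ValueError:
            # Custom or snapshot builds need a manual look.
            report[host] = "unknown"
    return report


# Constructed inventory: hostnames and versions are made up for the example.
SAMPLE_INVENTORY = {
    "ci-01.example.internal": "2.121.2",
    "ci-02.example.internal": "2.121.3",
    "ci-03.example.internal": "2.137",
    "ci-04.example.internal": "2.138",
    "ci-05.example.internal": "2.140-SNAPSHOT",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```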