A pair of severe security vulnerabilities have been disclosed in the Jenkins open source automation server that could lead to code execution on targeted systems. The flaws, tracked asCVE-2023-27898andCVE-2023-27905, impact the Jenkins server and Update Center, and have been collectively christenedCorePlagueby cloud security firm Aqua. All versions of Jenkins versions prior to 2.319.2 are