Jenkins < 1.551 / 1.532.2 and Jenkins Enterprise 1.509.x / 1.532.x < 1.509.5.1 / 1.532.2.2 Multiple Vulnerabilities

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote web server hosts a job scheduling / management system that
is affected by multiple vulnerabilities.

Description :

The remote web server hosts a version of Jenkins or Jenkins Enterprise
that is affected by multiple vulnerabilities :

- A flaw in the default markup formatter allows cross-site
scripting via the Description field in the user
configuration. (CVE-2013-5573)

- A security bypass vulnerability allows remote
authenticated attackers to change configurations and
execute arbitrary jobs. (CVE-2013-7285, CVE-2013-7330,
CVE-2014-2058)

- An unspecified flaw in the Winstone servlet allows
remote attackers to hijack sessions. (CVE-2014-2060)

- An input control flaw in 'PasswordParameterDefinition'
allows remote attackers to disclose sensitive
information including passwords. (CVE-2014-2061)

- A security bypass vulnerability due to API tokens not
being invalidated when a user is deleted.
(CVE-2014-2062)

- An unspecified flaw allows remote attackers to conduct
clickjacking attacks. (CVE-2014-2063)

- An information disclosure vulnerability in the
'loadUserByUsername' function allows remote attackers
to determine whether a user exists via vectors related
to failed login attempts. (CVE-2014-2064)

- A cross-site scripting vulnerability due to improper
input validation of the 'iconSize' cookie.
(CVE-2014-2065)

- A session fixation vulnerability allows remote attackers
to hijack web sessions. (CVE-2014-2066)

- An information disclosure vulnerability in the 'doIndex'
function in 'hudson/util/RemotingDiagnostics.java'
allows remote authenticated users with the
'ADMINISTRATOR' permission to obtain sensitive
information via heapDump. (CVE-2014-2068)

See also :

http://www.nessus.org/u?da47e3e2
http://www.nessus.org/u?353dd087

Solution :

Upgrade to Jenkins 1.551 / 1.532.2 or Jenkins Enterprise 1.509.5.1 /
1.532.2.2 or later.
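The fixed releases above are branch-specific, so a plain numeric comparison gets the LTS case wrong (1.532.1 is below 1.551 yet sits on the 1.532.x line, whose fix is 1.532.2). The following is an added example, not Tenable plugin code, that applies the advisory's thresholds per product and branch; it assumes the version string is taken from the X-Jenkins response header or a similar source, which the advisory itself does not describe.

```python
import re
from typing import Optional, Tuple

Version = Tuple[int, ...]

# Fixed releases named in the advisory, per product and release branch.
# A prefix of None is the fallback branch (Jenkins main line).
FIXED = {
    "jenkins": [
        ((1, 532), (1, 532, 2)),        # 1.532.x LTS line
        (None, (1, 551)),               # main line
    ],
    "jenkins-enterprise": [
        ((1, 509), (1, 509, 5, 1)),     # 1.509.x line
        ((1, 532), (1, 532, 2, 2)),     # 1.532.x line
    ],
}

def parse_version(text: str) -> Version:
    """'1.532.2-SNAPSHOT' -> (1, 532, 2); trailing qualifiers are ignored."""
    m = re.match(r"\s*(\d+(?:\.\d+)+)", text)
    if not m:
        raise ValueError(f"unparseable Jenkins version: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))

def is_affected(product: str, version: str) -> Optional[bool]:
    """True if below the fixed release for its branch, False if at or above
    it, None if the advisory names no fixed release for that branch."""
    v = parse_version(version)
    branches = FIXED[product]
    # A version is on a named branch only if it extends the prefix:
    # 1.532 itself is a main-line release, 1.532.1 is on the LTS line.
    for prefix, fixed in branches:
        if prefix and v[:len(prefix)] == prefix and len(v) > len(prefix):
            return v < fixed
    for prefix, fixed in branches:
        if prefix is None:
            return v < fixed
    return None

def check_x_jenkins_header(headers: dict) -> Optional[bool]:
    """Evaluate an X-Jenkins response header (assumed source of the version)
    against the main-line / LTS thresholds."""
    header = headers.get("X-Jenkins")
    return None if header is None else is_affected("jenkins", header)

if __name__ == "__main__":
    # Constructed sample header, as a scanner would see it in a response.
    print(check_x_jenkins_header({"X-Jenkins": "1.550"}))   # True
```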

Risk factor :

High / CVSS Base Score : 9.0
(CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 9.0
(CVSS2#E:ND/RL:U/RC:C)
Public Exploit Available : true