FreeBSD : jenkins -- multiple vulnerabilities (23af0425-9eac-11e5-b937-00e0814cab4e)

high Nessus Plugin ID 87292

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Jenkins Security Advisory:

SECURITY-95 / CVE-2015-7536 (Stored XSS vulnerability through workspace files and archived artifacts): In certain configurations, low-privilege users were able to create e.g. HTML files in workspaces and archived artifacts that could result in XSS when accessed by other users. Jenkins now sends Content-Security-Policy headers that enable sandboxing and prohibit script execution by default.

SECURITY-225 / CVE-2015-7537 (CSRF vulnerability in some administrative actions): Several administration/configuration related URLs could be accessed using GET, which allowed attackers to circumvent CSRF protection.

SECURITY-233 / CVE-2015-7538 (CSRF protection ineffective): Malicious users were able to circumvent CSRF protection on any URL by sending specially crafted POST requests.

SECURITY-234 / CVE-2015-7539 (Jenkins plugin manager vulnerable to MITM attacks): While the Jenkins update site data is digitally signed, and the signature verified by Jenkins, Jenkins did not verify the provided SHA-1 checksums for the plugin files referenced in the update site data. This enabled MITM attacks on the plugin manager, resulting in installation of attacker-provided plugins.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?7ce23a1d

http://www.nessus.org/u?4b856ce9

Plugin Details

Severity: High

ID: 87292

File Name: freebsd_pkg_23af04259eac11e5b93700e0814cab4e.nasl

Version: 1.4

Type: local

Published: 12/10/2015

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:jenkins, p-cpe:/a:freebsd:freebsd:jenkins-lts, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 12/9/2015

Vulnerability Publication Date: 12/9/2015