FreeBSD : jenkins -- XSS vulnerability (9448a82f-6878-11e1-865f-00e0814cab4e)

high Nessus Plugin ID 58283

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

The Jenkins Security Advisory reports:

An XSS vulnerability was found in Jenkins core, which allows an attacker to inject malicious HTML into pages served by Jenkins. This allows an attacker to escalate his privileges by hijacking sessions of other users. This vulnerability affects all versions.

Solution

Update the affected package.

See Also

http://www.nessus.org/u?35c7df20

http://www.nessus.org/u?8edc30d9

Plugin Details

Severity: High

ID: 58283

File Name: freebsd_pkg_9448a82f687811e1865f00e0814cab4e.nasl

Version: 1.6

Type: local

Published: 3/8/2012

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:jenkins, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 3/7/2012

Vulnerability Publication Date: 3/5/2012