Unspecified vulnerability in Jenkins before 1.498, Jenkins LTS before 1.480.2, and Jenkins Enterprise 1.447.x before 1.447.6.1 and 1.466.x before 1.466.12.1, when a slave is attached and anonymous read access is enabled, allows remote attackers to obtain the master cryptographic key via unknown vectors.

The remote Red Hat Enterprise Linux CoreOS 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:0220 advisory.

  - Origin: rhc-chk.rb password exposure in log files (CVE-2012-5658)

  - Jenkins: HTTP response splitting (CVE-2012-6072)

  - Jenkins: open redirect (CVE-2012-6073)

  - Jenkins: cross-site scripting vulnerability (CVE-2012-6074)

  - rubygem-activerecord: find_by_* SQL Injection (CVE-2012-6496)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:0220 advisory.

    Red Hat OpenShift Enterprise is a cloud computing Platform-as-a-Service     (PaaS) solution designed for on-premise or private cloud deployments.

    Refer to the Red Hat OpenShift Enterprise 1.1 Release Notes for information     about the changes in this release. The Release Notes will be available     shortly from https://access.redhat.com/knowledge/docs/

    This update also fixes the following security issues:

    It was found that the master cryptographic key of Jenkins could be     retrieved via the HTTP server that is hosting Jenkins. A remote attacker     could use this flaw to access the server and execute arbitrary code with     the privileges of the user running Jenkins. Note that this issue only     affected Jenkins instances that had slaves attached and that also allowed     anonymous read access (not the default configuration). Manual action is     also required to correct this issue. Refer to Jenkins Security Advisory     2013-01-04, linked to in the References, for further information.
    (CVE-2013-0158)

    When the rhc-chk script was run in debug mode, its output included     sensitive information, such as database passwords, in plain text. As this     script is commonly used when troubleshooting, this flaw could lead to users     unintentionally exposing sensitive information in support channels (for     example, a Bugzilla report). This update removes the rhc-chk script.
    (CVE-2012-5658)

    Multiple flaws in the Jenkins web interface could allow a remote attacker     to perform HTTP response splitting and cross-site scripting (XSS) attacks,     as well as redirecting a victim to an arbitrary page by utilizing an open     redirect flaw. (CVE-2012-6072, CVE-2012-6074, CVE-2012-6073)

    A flaw was found in the way rubygem-activerecord dynamic finders extracted     options from method parameters. A remote attacker could possibly use this     flaw to perform SQL injection attacks against applications using the Active     Record dynamic finder methods. (CVE-2012-6496)

    The openshift-port-proxy-cfg program created a temporary file in an     insecure way. A local attacker could use this flaw to perform a symbolic     link attack, overwriting an arbitrary file accessible to the root user with     a 0 or a 1, which could lead to a denial of service. By default,     OpenShift uses polyinstantiation (per user) for the /tmp/ directory,     minimizing the risk of exploitation by local attackers. (CVE-2013-0164)

    The CVE-2013-0164 issue was discovered by Michael Scherer of the Red Hat     Regional IT team.

    Users of Red Hat OpenShift Enterprise 1.0 are advised to upgrade to Red Hat     OpenShift Enterprise 1.1.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote web server hosts a version of Jenkins or Jenkins Enterprise that is affected by an information disclosure vulnerability that could allow a remote attacker to gain access to master cryptographic key information.  Attackers with this information may be able to execute arbitrary code on the master host.

ID	Name	Product	Family	Severity
312025	RHCOS 6 : Red Hat OpenShift Enterprise 1.1 update (Important) (RHSA-2013:0220)	Nessus	Red Hat Local Security Checks	medium
119431	RHEL 6 : Red Hat OpenShift Enterprise 1.1 update (Important) (RHSA-2013:0220)	Nessus	Red Hat Local Security Checks	low
65055	Jenkins < 1.498 / 1.480.2 and Jenkins Enterprise 1.447.x / 1.466.x < 1.447.6.1 / 1.466.12.1 Unspecified Master Cryptographic Key Information Disclosure	Nessus	CGI abuses	medium

Detections

Analytics

CVE-2013-0158

low

Tenable Plugins

medium

low

medium