Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information by reading the plugin code.

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:0070 advisory.

  - commons-fileupload: Arbitrary file upload via deserialization (CVE-2013-2186)

  - stapler-adjunct-zeroclipboard: multiple cross-site scripting (XSS) flaws (CVE-2014-1869)

  - jenkins: denial of service (SECURITY-87) (CVE-2014-3661)

  - jenkins: username discovery (SECURITY-110) (CVE-2014-3662)

  - jenkins: job configuration issues (SECURITY-127, SECURITY-128) (CVE-2014-3663)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Red Hat OpenShift Enterprise release 3.1.1 is now available with updates to packages that fix several security issues, bugs and introduce feature enhancements.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.

The following security issues are addressed with this release :

An authorization flaw was discovered in Kubernetes; the API server did not properly check user permissions when handling certain requests. An authenticated remote attacker could use this flaw to gain additional access to resources such as RAM and disk space. (CVE-2016-1905)

An authorization flaw was discovered in Kubernetes; the API server did not properly check user permissions when handling certain build- configuration strategies. A remote attacker could create build configurations with strategies that violate policy. Although the attacker could not launch the build themselves (launch fails when the policy is violated), if the build configuration files were later launched by other privileged services (such as automated triggers), user privileges could be bypassed allowing attacker escalation.
(CVE-2016-1906)

An update for Jenkins Continuous Integration Server that addresses a large number of security issues including XSS, CSRF, information disclosure and code execution have been addressed as well.
(CVE-2013-2186, CVE-2014-1869, CVE-2014-3661, CVE-2014-3662 CVE-2014-3663, CVE-2014-3664, CVE-2014-3666, CVE-2014-3667 CVE-2014-3680, CVE-2014-3681, CVE-2015-1806, CVE-2015-1807 CVE-2015-1808, CVE-2015-1810, CVE-2015-1812, CVE-2015-1813 CVE-2015-1814, CVE-2015-5317, CVE-2015-5318, CVE-2015-5319 CVE-2015-5320, CVE-2015-5321, CVE-2015-5322, CVE-2015-5323 CVE-2015-5324, CVE-2015-5325, CVE-2015-5326 ,CVE-2015-7537 CVE-2015-7538, CVE-2015-7539, CVE-2015-8103)

Space precludes documenting all of the bug fixes and enhancements in this advisory. See the OpenShift Enterprise 3.1 Release Notes, which will be updated shortly for release 3.1.1, for details about these changes :

https://docs.openshift.com/enterprise/3.1/release_notes/ ose_3_1_release_notes.html

All OpenShift Enterprise 3 users are advised to upgrade to these updated packages.

The remote web server hosts a version of Jenkins (open source) or CloudBees Jenkins Enterprise that is affected by multiple vulnerabilities :

  - An error exists related to file upload processing that     allows a remote attacker to overwrite arbitrary files.
    (CVE-2013-2186)

  - An input validation error exists related to the included     'ZeroClipboard' component that allows cross-site     scripting attacks. (CVE-2014-1869)

  - An error exists related to 'CLI handshake' handling that     allows denial of service attacks. (CVE-2014-3661)

  - An error exists related to handling login attempts using     non-existent or incorrect account names that allows a     remote attacker to enumerate application user names.
    (CVE-2014-3662)

  - An error exists related to handling users having     'Job/CONFIGURE' permissions that allows such users to     perform actions meant only for 'Job/CREATE' permissions.
    (CVE-2014-3663)

  - An error exists related to handling users having     'Overall/READ' permissions that allows directory     traversal attacks. (CVE-2014-3664)

  - An error exists related to the 'CLI channel' that allows     arbitrary code execution by a remote attacker on the     Jenkins master. (CVE-2014-3666)

  - An error exists related to handling users having     'Overall/READ' permissions that allows plugin source     code to be disclosed. (CVE-2014-3667)

  - An input validation error exists related to the     'Monitoring' plugin that allows cross-site scripting     attacks. (CVE-2014-3678)

  - An error exists related to the 'Monitoring' plugin that     allows unauthorized access to sensitive information.
    (CVE-2014-3679)

  - An error exists related to handling users having     'Job/READ' permissions that allows such users to     obtain default passwords belonging to parameterized     jobs. (CVE-2014-3680)

  - An unspecified input validation error allows cross-site     scripting attacks. (CVE-2014-3681)

Jenkins Security Advisory :

Please reference CVE/URL list for details

ID	Name	Product	Family	Severity
312030	RHCOS 3 : Red Hat OpenShift Enterprise 3.1.1 update (Important) (RHSA-2016:0070)	Nessus	Red Hat Local Security Checks	medium
119442	RHEL 7 : openshift (RHSA-2016:0070)	Nessus	Red Hat Local Security Checks	critical
78859	Jenkins < 1.583 / 1.565.3 and Jenkins Enterprise 1.532.x / 1.554.x / 1.565.x < 1.532.10.1 / 1.554.10.1 / 1.565.3.1 Multiple Vulnerabilities	Nessus	CGI abuses	critical
78017	FreeBSD : jenkins -- remote execution, privilege escalation, XSS, password exposure, ACL hole, DoS (549a2771-49cc-11e4-ae2c-c80aa9043978)	Nessus	FreeBSD Local Security Checks	high

Detections

Analytics

CVE-2014-3667

medium

Tenable Plugins

medium

critical

critical

high