Jenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible salt to generate CSRF protection tokens, which makes it easier for remote attackers to bypass the CSRF protection mechanism via a brute force attack.

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:0070 advisory.

  - commons-fileupload: Arbitrary file upload via deserialization (CVE-2013-2186)

  - stapler-adjunct-zeroclipboard: multiple cross-site scripting (XSS) flaws (CVE-2014-1869)

  - jenkins: denial of service (SECURITY-87) (CVE-2014-3661)

  - jenkins: username discovery (SECURITY-110) (CVE-2014-3662)

  - jenkins: job configuration issues (SECURITY-127, SECURITY-128) (CVE-2014-3663)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Red Hat Enterprise Linux CoreOS 2 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:0489 advisory.

  - ObjectMessage: unsafe deserialization (CVE-2015-5254)

  - jenkins: Project name disclosure via fingerprints (SECURITY-153) (CVE-2015-5317)

  - jenkins: Public value used for CSRF protection salt (SECURITY-169) (CVE-2015-5318)

  - jenkins: XXE injection into job configurations via CLI (SECURITY-173) (CVE-2015-5319)

  - jenkins: Secret key not verified when connecting a slave (SECURITY-184) (CVE-2015-5320)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Red Hat OpenShift Enterprise release 3.1.1 is now available with updates to packages that fix several security issues, bugs and introduce feature enhancements.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.

The following security issues are addressed with this release :

An authorization flaw was discovered in Kubernetes; the API server did not properly check user permissions when handling certain requests. An authenticated remote attacker could use this flaw to gain additional access to resources such as RAM and disk space. (CVE-2016-1905)

An authorization flaw was discovered in Kubernetes; the API server did not properly check user permissions when handling certain build- configuration strategies. A remote attacker could create build configurations with strategies that violate policy. Although the attacker could not launch the build themselves (launch fails when the policy is violated), if the build configuration files were later launched by other privileged services (such as automated triggers), user privileges could be bypassed allowing attacker escalation.
(CVE-2016-1906)

An update for Jenkins Continuous Integration Server that addresses a large number of security issues including XSS, CSRF, information disclosure and code execution have been addressed as well.
(CVE-2013-2186, CVE-2014-1869, CVE-2014-3661, CVE-2014-3662 CVE-2014-3663, CVE-2014-3664, CVE-2014-3666, CVE-2014-3667 CVE-2014-3680, CVE-2014-3681, CVE-2015-1806, CVE-2015-1807 CVE-2015-1808, CVE-2015-1810, CVE-2015-1812, CVE-2015-1813 CVE-2015-1814, CVE-2015-5317, CVE-2015-5318, CVE-2015-5319 CVE-2015-5320, CVE-2015-5321, CVE-2015-5322, CVE-2015-5323 CVE-2015-5324, CVE-2015-5325, CVE-2015-5326 ,CVE-2015-7537 CVE-2015-7538, CVE-2015-7539, CVE-2015-8103)

Space precludes documenting all of the bug fixes and enhancements in this advisory. See the OpenShift Enterprise 3.1 Release Notes, which will be updated shortly for release 3.1.1, for details about these changes :

https://docs.openshift.com/enterprise/3.1/release_notes/ ose_3_1_release_notes.html

All OpenShift Enterprise 3 users are advised to upgrade to these updated packages.

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:0489 advisory.

    OpenShift Enterprise by Red Hat is the company's cloud computing     Platform-as-a-Service (PaaS) solution designed for on-premise or     private cloud deployments.

    The following security issue is addressed with this release:

    It was found that ActiveMQ did not safely handle user supplied data     when deserializing objects. A remote attacker could use this flaw to     execute arbitrary code with the permissions of the ActiveMQ     application. (CVE-2015-5254)

    An update for Jenkins Continuous Integration Server that addresses a     large number of security issues including XSS, CSRF, information     disclosure and code execution have been addressed as well.
    (CVE-2015-5317, CVE-2015-5318, CVE-2015-5319, CVE-2015-5320,     CVE-2015-5321, CVE-2015-5322, CVE-2015-5323, CVE-2015-5324,     CVE-2015-5325, CVE-2015-5326, CVE-2015-7537, CVE-2015-7538,     CVE-2015-7539, CVE-2015-8103)

    Space precludes documenting all of the bug fixes in this advisory. See     the OpenShift Enterprise Technical Notes, which will be updated     shortly for release 2.2.9, for details about these changes:

    https://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-     single/Technical_Notes/index.html

    All OpenShift Enterprise 2 users are advised to upgrade to these     updated packages.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
312030	RHCOS 3 : Red Hat OpenShift Enterprise 3.1.1 update (Important) (RHSA-2016:0070)	Nessus	Red Hat Local Security Checks	medium
311965	RHCOS 2 : Red Hat OpenShift Enterprise 2.2.9 (RHSA-2016:0489)	Nessus	Red Hat Local Security Checks	medium
119442	RHEL 7 : openshift (RHSA-2016:0070)	Nessus	Red Hat Local Security Checks	critical
119368	RHEL 6 : Red Hat OpenShift Enterprise 2.2.9 (RHSA-2016:0489)	Nessus	Red Hat Local Security Checks	critical

Detections

Analytics

CVE-2015-5318

low

Tenable Plugins

medium

medium

critical

critical