FreeBSD : jenkins -- multiple vulnerabilities (d846af5b-00f4-11e2-b6d0-00e0814cab4e)

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Jenkins Security Advisory reports :

This advisory announces security vulnerabilities that were found in
Jenkins core and several plugins.

- The first vulnerability in Jenkins core allows unprivileged users to
insert data into Jenkins master, which can lead to remote code
execution. For this vulnerability to be exploited, the attacker must
have HTTP access to a Jenkins master, and he must have read
access to Jenkins.

- The second vulnerability in Jenkins core is a cross-site scripting
vulnerability. This allows an attacker to craft a URL that points to
Jenkins, and if a legitimate user clicks this link, the attacker
will be able to hijack the user session.

- The third vulnerability is a cross-site scripting vulnerability in
the Violations plugin.

- The fourth vulnerability is a cross-site scripting vulnerability in
the Continuous Integration Game plugin.

See also :

http://www.nessus.org/u?b977eac7
http://www.nessus.org/u?ac1b2af4

Solution :

Update the affected package.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 62168

Bugtraq ID:

CVE ID:
