This script is Copyright (C) 2013 Tenable Network Security, Inc.
The remote FreeBSD host is missing a security-related update.
Jenkins Security Advisory reports :
This advisory announces a security vulnerability that was found in
An attacker can then use this master cryptographic key to mount remote
code execution attack against the Jenkins master, or impersonate
arbitrary users in making REST API calls.
There are several factors that mitigate some of these problems that
may apply to specific installations.
- The particular attack vector is only applicable on Jenkins instances
that have slaves attached to them, and allow anonymous read access.
- Jenkins allows users to re-generate the API tokens. Those
re-generated API tokens cannot be impersonated by the attacker.
See also :
Update the affected package.
Risk factor :
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now