FreeBSD : jenkins -- multiple vulnerabilities (7fe5b84a-78eb-11e2-8441-00e0814cab4e)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Jenkins Security Advisory reports :

This advisory announces multiple security vulnerabilities that were
found in Jenkins core.

- One of the vulnerabilities allows cross-site request forgery (CSRF)
attacks on Jenkins master, which causes a user to make unwanted
actions on Jenkins. Another vulnerability enables cross-site scripting
(XSS) attacks, which has a similar consequence. Another
vulnerability allowed an attacker to bypass the CSRF protection
mechanism in place, thereby mounting more CSRF attacks. These attacks
allow an attacker without direct access to Jenkins to mount an attack.

- In the fourth vulnerability, a malicious user of Jenkins can trick
Jenkins into building jobs that he does not have direct access to.

- And lastly, a vulnerability allows a malicious user of Jenkins to
mount a denial of service attack by feeding a carefully crafted
payload to Jenkins.

See also :

http://www.nessus.org/u?874c7641
http://www.nessus.org/u?db6f323e

Solution :

Update the affected package.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 64666
