FreeBSD : jenkins -- multiple vulnerabilities (7fe5b84a-78eb-11e2-8441-00e0814cab4e)

high Nessus Plugin ID 64666

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Jenkins Security Advisory reports:

This advisory announces multiple security vulnerabilities that were found in Jenkins core.

- One of the vulnerabilities allows cross-site request forgery (CSRF) attacks on the Jenkins master, which causes a user to make unwanted actions on Jenkins. Another vulnerability enables cross-site scripting (XSS) attacks, which has a similar consequence. Another vulnerability allowed an attacker to bypass the CSRF protection mechanism in place, thereby mounting more CSRF attacks. These attacks allow an attacker without direct access to Jenkins to mount an attack.

- In the fourth vulnerability, a malicious user of Jenkins can trick Jenkins into building jobs that he does not have direct access to.

- And lastly, a vulnerability allows a malicious user of Jenkins to mount a denial of service attack by feeding a carefully crafted payload to Jenkins.

Solution

Update the affected package.

See Also

http://www.nessus.org/u?065434c6

http://www.nessus.org/u?df91ac95

Plugin Details

Severity: High

ID: 64666

File Name: freebsd_pkg_7fe5b84a78eb11e2844100e0814cab4e.nasl

Version: 1.6

Type: local

Published: 2/18/2013

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:jenkins, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2/17/2013

Vulnerability Publication Date: 2/16/2013