Jenkins < 1.545 Subversion Plugin Information Disclosure

low Nessus Plugin ID 72743

Synopsis

The remote web server hosts a job scheduling / management system that is affected by an information disclosure vulnerability.

Description

The remote web server hosts a version of Jenkins that is affected by an information disclosure vulnerability that could allow a local attacker to obtain passwords and SSH private key passphrases related to accessing Subversion resources.

Solution

Upgrade to Jenkins 1.545 or use the plugin update mechanism to obtain Subversion plugin version 1.54 or greater.

See Also

http://www.nessus.org/u?e903dff9

Plugin Details

Severity: Low

ID: 72743

File Name: jenkins_1_545.nasl

Version: 1.9

Type: combined

Agent: windows, macosx, unix

Family: CGI abuses

Published: 2/28/2014

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.0

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2013-6372

Vulnerability Information

CPE: cpe:/a:cloudbees:jenkins, cpe:/a:jenkins:jenkins

Required KB Items: installed_sw/Jenkins

Exploit Ease: No known exploits are available

Patch Publication Date: 11/19/2013

Vulnerability Publication Date: 11/21/2013

Reference Information

CVE: CVE-2013-6372

BID: 63864