FreeBSD : jenkins -- multiple vulnerabilities (7480b6ac-adf1-443e-a33c-3a3c0becba1e)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Kohsuke Kawaguchi from Jenkins team reports : DescriptionSECURITY-125
(Combination filter Groovy script unsecured) This vulnerability allows
users with the job configuration privilege to escalate his privileges,
resulting in arbitrary code execution to the master. SECURITY-162
(directory traversal from artifacts via symlink) This vulnerability
allows users with the job configuration privilege or users with commit
access to the build script to access arbitrary files/directories on
the master, resulting in the exposure of sensitive information, such
as encryption keys. SECURITY-163 (update center metadata retrieval DoS
attack) This vulnerability allows authenticated users to disrupt the
operation of Jenkins by feeding malicious update center data into
Jenkins, affecting plugin installation and tool installation.
SECURITY-165 (external entity injection via XPath) This vulnerability
allows users with the read access to Jenkins to retrieve arbitrary XML
document on the server, resulting in the exposure of sensitive
information inside/outside Jenkins. SECURITY-166
(HudsonPrivateSecurityRealm allows creation of reserved names) For
users using 'Jenkins' own user database' setting, Jenkins doesn't
refuse reserved names, thus allowing privilege escalation.
SECURITY-167 (External entity processing in XML can reveal sensitive
local files) This vulnerability allows attackers to create malicious
XML documents and feed that into Jenkins, which causes Jenkins to
retrieve arbitrary XML document on the server, resulting in the
exposure of sensitive information inside/outside Jenkins. Severity
SECURITY-125 is rated critical. This attack can be only mounted by
users with some trust, but it results in arbitrary code execution on
the master.

SECURITY-162 is rated critical. This attack can be only mounted by
users with some trust, but it results in the exposure of sensitive
information.

SECURITY-163 is rated medium, as it results in the loss of
functionality.

SECURITY-165 is rated critical. This attack is easy to mount, and it
results in the exposure of sensitive information.

SECURITY-166 is rated critical. For users who use the affected
feature, this attack results in arbitrary code execution on the
master.

SECURITY-167 is rated critical. This attack is easy to mount, and it
results in the exposure of sensitive information.

See also :

http://www.nessus.org/u?3a908b80
http://www.nessus.org/u?eefdfcad

Solution :

Update the affected packages.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 81587 ()

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now