FreeBSD : jenkins -- multiple vulnerabilities (22dc4a22-d1e5-11e4-879c-00e0814cab4e)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Jenkins Security Advisory :

SECURITY-171, SECURITY-177 (Reflective XSS vulnerability): An attacker
without any access to Jenkins can navigate the user to a carefully
crafted URL and have the user execute unintended actions. This
vulnerability can be used to attack Jenkins inside firewalls from
outside so long as the location of Jenkins is known to the attacker.

SECURITY-180 (forced API token change): The part of Jenkins that
issues a new API token was not adequately protected against anonymous
attackers. This allows an attacker to escalate privileges on Jenkins.

See also :

http://www.nessus.org/u?8fcda0a5
http://www.nessus.org/u?f42c6948

Solution :

Update the affected packages.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 82062

Bugtraq ID:

CVE ID:
