FreeBSD : jenkins -- multiple vulnerabilities (22dc4a22-d1e5-11e4-879c-00e0814cab4e)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Synopsis :

The remote FreeBSD host is missing one or more security-related

Description :

Jenkins Security Advisory : Description

SECURITY-171, SECURITY-177 (Reflective XSS vulnerability) An attacker
without any access to Jenkins can navigate the user to a carefully
crafted URL and have the user execute unintended actions. This
vulnerability can be used to attack Jenkins inside firewalls from
outside so long as the location of Jenkins is known to the attacker.

SECURITY-180 (forced API token change) The part of Jenkins that issues
a new API token was not adequately protected against anonymous
attackers. This allows an attacker to escalate privileges on Jenkins.

See also :

Solution :

Update the affected packages.

Risk factor :


Family: FreeBSD Local Security Checks

Nessus Plugin ID: 82062

Bugtraq ID:

