FreeBSD : jenkins -- remote code execution via unsafe deserialization (b665668a-91db-4f13-8113-9e4b5b0e47f7)

high Nessus Plugin ID 86859

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Jenkins Developers report :

Unsafe deserialization allows unauthenticated remote attackers to run arbitrary code on the Jenkins master.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?3bcad0c5

http://www.nessus.org/u?0316bc02

http://www.nessus.org/u?b72e1114

http://www.nessus.org/u?ab98e705

Plugin Details

Severity: High

ID: 86859

File Name: freebsd_pkg_b665668a91db4f1381139e4b5b0e47f7.nasl

Version: 2.5

Type: local

Published: 11/12/2015

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:jenkins, p-cpe:/a:freebsd:freebsd:jenkins-lts, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 11/11/2015

Vulnerability Publication Date: 11/6/2015