Jenkins JDK / Ant Tools Job Configuration Stored XSS Vulnerability (SECURITY-624) (deprecated)

medium Nessus Plugin ID 105293

Synopsis

The Jenkins software installed on the remote host is affected by a cross-site scripting vulnerability.

Description

The Jenkins advisory 2018-01-22 has been updated to note that this vulnerability is specific to the Ant plugin, which cannot be accurately detected remotely by this Nessus plugin. This plugin has therefore been deprecated.

See Also

https://jenkins.io/security/advisory/2017-12-05/

http://www.nessus.org/u?59aa4c06

Plugin Details

Severity: Medium

ID: 105293

File Name: jenkins_security624.nasl

Version: 1.9

Type: remote

Family: CGI abuses

Published: 12/15/2017

Updated: 8/6/2018

Risk Information

VPR

Risk Factor: Low

Score: 3.0

CVSS v2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3.3

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS v3

Risk Factor: Medium

Base Score: 4.1

Temporal Score: 3.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:X

Vulnerability Information

CPE: cpe:/a:cloudbees:jenkins

Required KB Items: www/Jenkins

Vulnerability Publication Date: 12/5/2017

Reference Information

CVE: CVE-2017-17383

BID: 102130