FreeBSD : jenkins -- multiple vulnerabilities (06ab7724-0fd7-427e-a5ce-fe436302b10c)

high Nessus Plugin ID 109713

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Jenkins developers report:

The agent-to-master security subsystem ensures that the Jenkins master is protected from maliciously configured agents. A path traversal vulnerability allowed agents to escape whitelisted directories to read and write to files they should not be able to access.

Black Duck Hub Plugin's API endpoint was affected by an XML External Entity (XXE) processing vulnerability. This allowed an attacker with Overall/Read access to have Jenkins parse a maliciously crafted file that uses external entities for extraction of secrets from the Jenkins master, server-side request forgery, or denial-of-service attacks.

Several other lower-severity issues were reported; see the reference URL for details.

Solution

Update the affected packages.

See Also

https://jenkins.io/security/advisory/2018-05-09/

http://www.nessus.org/u?170e91a0

Plugin Details

Severity: High

ID: 109713

File Name: freebsd_pkg_06ab77240fd7427ea5cefe436302b10c.nasl

Version: 1.2

Type: local

Published: 5/11/2018

Updated: 11/10/2018

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:jenkins, p-cpe:/a:freebsd:freebsd:jenkins-lts, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 5/10/2018

Vulnerability Publication Date: 5/9/2018