FreeBSD : jenkins -- multiple vulnerabilities (20a1881e-8a9e-11e8-bddf-d017c2ca229d)

high Nessus Plugin ID 111176



The remote FreeBSD host is missing one or more security-related updates.


Jenkins Security Advisory : Description(High) SECURITY-897 / CVE-2018-1999001 Users without Overall/Read permission can have Jenkins reset parts of global configuration on the next restart (High) SECURITY-914 / CVE-2018-1999002 Arbitrary file read vulnerability (Medium) SECURITY-891 / CVE-2018-1999003 Unauthorized users could cancel queued builds (Medium) SECURITY-892 / CVE-2018-1999004 Unauthorized users could initiate and abort agent launches (Medium) SECURITY-944 / CVE-2018-1999005 Stored XSS vulnerability (Medium) SECURITY-925 / CVE-2018-1999006 Unauthorized users are able to determine when a plugin was extracted from its JPI package (Medium) SECURITY-390 / CVE-2018-1999007 XSS vulnerability in Stapler debug mode


Update the affected packages.

See Also

Plugin Details

Severity: High

ID: 111176

File Name: freebsd_pkg_20a1881e8a9e11e8bddfd017c2ca229d.nasl

Version: 1.4

Type: local

Published: 7/20/2018

Updated: 4/5/2019

Risk Information


Risk Factor: Medium

Score: 5.9


Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N


Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:jenkins, p-cpe:/a:freebsd:freebsd:jenkins-lts, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/18/2018

Vulnerability Publication Date: 7/18/2018

Reference Information

CVE: CVE-2018-1999001, CVE-2018-1999002, CVE-2018-1999003, CVE-2018-1999004, CVE-2018-1999005, CVE-2018-1999006, CVE-2018-1999007