FreeBSD : jenkins -- multiple vulnerabilities (20a1881e-8a9e-11e8-bddf-d017c2ca229d)

High Nessus Plugin ID 111176

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Jenkins Security Advisory : Description(High) SECURITY-897 / CVE-2018-1999001 Users without Overall/Read permission can have Jenkins reset parts of global configuration on the next restart (High) SECURITY-914 / CVE-2018-1999002 Arbitrary file read vulnerability (Medium) SECURITY-891 / CVE-2018-1999003 Unauthorized users could cancel queued builds (Medium) SECURITY-892 / CVE-2018-1999004 Unauthorized users could initiate and abort agent launches (Medium) SECURITY-944 / CVE-2018-1999005 Stored XSS vulnerability (Medium) SECURITY-925 / CVE-2018-1999006 Unauthorized users are able to determine when a plugin was extracted from its JPI package (Medium) SECURITY-390 / CVE-2018-1999007 XSS vulnerability in Stapler debug mode

Solution

Update the affected packages.

See Also

https://jenkins.io/security/advisory/2018-07-18/

http://www.nessus.org/u?ed06efb7

Plugin Details

Severity: High

ID: 111176

File Name: freebsd_pkg_20a1881e8a9e11e8bddfd017c2ca229d.nasl

Version: 1.1

Type: local

Published: 2018/07/20

Modified: 2018/07/20

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:jenkins, p-cpe:/a:freebsd:freebsd:jenkins-lts, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2018/07/18

Vulnerability Publication Date: 2018/07/18

Reference Information

CVE: CVE-2018-1999001, CVE-2018-1999002, CVE-2018-1999003, CVE-2018-1999004, CVE-2018-1999005, CVE-2018-1999006, CVE-2018-1999007