FreeBSD : jenkins -- multiple vulnerabilities (3aa27226-f86f-11e8-a085-3497f683cb16)

high Nessus Plugin ID 119426

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Jenkins Security Advisory:

(Critical) SECURITY-595 Code execution through crafted URLs

(Medium) SECURITY-904 Forced migration of user records

(Medium) SECURITY-1072 Workspace browser allowed accessing files outside the workspace

(Medium) SECURITY-1193 Potential denial of service through cron expression form validation

Solution

Update the affected packages.

See Also

https://jenkins.io/security/advisory/2018-12-05/

http://www.nessus.org/u?98a6e427

Plugin Details

Severity: High

ID: 119426

File Name: freebsd_pkg_3aa27226f86f11e8a0853497f683cb16.nasl

Version: 1.1

Type: local

Published: 12/6/2018

Updated: 12/6/2018

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:jenkins, p-cpe:/a:freebsd:freebsd:jenkins-lts, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 12/5/2018

Vulnerability Publication Date: 12/5/2018