Detections
Analytics
RHEL 7 : OpenShift Container Platform 4.1 jenkins-2-plugins (RHSA-2019:4089)
critical Nessus Plugin ID 132226
Language:
Synopsis
The remote Red Hat host is missing a security update.Description
An update for jenkins-2-plugins is now available for Red Hat OpenShift Container Platform 4.1.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
Security Fix(es) :
* jenkins-script-security: Sandbox bypass vulnerability in Script Security Plugin (CVE-2019-10431)
* jenkins-2-plugins: Stored XSS vulnerability in HTML Publisher Plugin (CVE-2019-10432)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
Update the affected jenkins-2-plugins package.See Also
https://access.redhat.com/errata/RHSA-2019:4089
https://access.redhat.com/security/cve/cve-2019-10393
https://access.redhat.com/security/cve/cve-2019-10394
https://access.redhat.com/security/cve/cve-2019-10399
https://access.redhat.com/security/cve/cve-2019-10400
Plugin Details
Severity: Critical
ID: 132226
File Name: redhat-RHSA-2019-4089.nasl
Version: 1.5
Type: local
Agent: unix
Family: Red Hat Local Security Checks
Published: 12/18/2019
Updated: 7/15/2020
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.3
CVSS v2
Risk Factor: Medium
Base Score: 6.5
Temporal Score: 4.8
Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS Score Source: CVE-2019-10431
CVSS v3
Risk Factor: Critical
Base Score: 9.9
Temporal Score: 8.6
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:redhat:enterprise_linux:jenkins-2-plugins, cpe:/o:redhat:enterprise_linux:7
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Exploit Ease: No known exploits are available
Patch Publication Date: 12/17/2019
Vulnerability Publication Date: 9/12/2019
Reference Information
CVE: CVE-2019-10393, CVE-2019-10394, CVE-2019-10399, CVE-2019-10400, CVE-2019-10431, CVE-2019-10432
RHSA: 2019:4089