FreeBSD : jenkins -- multiple vulnerabilities (d6f76976-e86d-4f9a-9362-76c849b10db2)

high Nessus Plugin ID 144962

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Jenkins Security Advisory:

(Medium) SECURITY-1452 / CVE-2021-21602: Arbitrary file read vulnerability in workspace browsers
(High) SECURITY-1889 / CVE-2021-21603: XSS vulnerability in notification bar
(High) SECURITY-1923 / CVE-2021-21604: Improper handling of REST API XML deserialization errors
(High) SECURITY-2021 / CVE-2021-21605: Path traversal vulnerability in agent names
(Medium) SECURITY-2023 / CVE-2021-21606: Arbitrary file existence check in file fingerprints
(Medium) SECURITY-2025 / CVE-2021-21607: Excessive memory allocation in graph URLs leads to denial of service
(High) SECURITY-2035 / CVE-2021-21608: Stored XSS vulnerability in button labels
(Low) SECURITY-2047 / CVE-2021-21609: Missing permission check for paths with specific prefix
(High) SECURITY-2153 / CVE-2021-21610: Reflected XSS vulnerability in markup formatter preview
(High) SECURITY-2171 / CVE-2021-21611: Stored XSS vulnerability on new item page

Solution

Update the affected packages.

See Also

https://www.jenkins.io/security/advisory/2021-01-13/

http://www.nessus.org/u?e5b1fc4c

Plugin Details

Severity: High

ID: 144962

File Name: freebsd_pkg_d6f76976e86d4f9a936276c849b10db2.nasl

Version: 1.3

Type: local

Published: 1/14/2021

Updated: 6/3/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:jenkins, p-cpe:/a:freebsd:freebsd:jenkins-lts, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 1/13/2021

Vulnerability Publication Date: 1/13/2021

Reference Information

IAVA: 2021-A-0039-S