Detections
Analytics

RHEL 8 : Jenkins and Jenkins-2-plugins (RHSA-2024:0778)

critical Nessus Plugin ID 194435

Language:

Synopsis

The remote Red Hat host is missing one or more security updates for Jenkins / Jenkins-2-plugins.

Description

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0778 advisory.

 - google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization (CVE-2020-7692)

 - maven: Block repositories using http by default (CVE-2021-26291)

 - golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)

 - snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)

 - maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)

 - apache-commons-text: variable interpolation RCE (CVE-2022-42889)

 - guava: insecure temporary directory creation (CVE-2023-2976)

 - springframework: Spring Expression DoS Vulnerability (CVE-2023-20861)

 - spring-security: Empty SecurityContext Is Not Properly Saved Upon Logout (CVE-2023-20862)

 - jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin (CVE-2023-24422)

 - jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin (CVE-2023-25761)

 - jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin (CVE-2023-25762)

 - jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() (CVE-2023-26048)

 - jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049)

 - Jenkins: Temporary file parameter created with insecure permissions (CVE-2023-27903)

 - Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)

 - Jenkins: Open redirect vulnerability in OpenShift Login Plugin (CVE-2023-37947)

 - jetty: Improper validation of HTTP/1 content-length (CVE-2023-40167)

 - jenkins-plugins: cloudbees-folder: CSRF vulnerability in Folders Plugin (CVE-2023-40337)

 - jenkins-plugins: cloudbees-folder: Information disclosure in Folders Plugin (CVE-2023-40338)

 - jenkins-plugins: config-file-provider: Improper masking of credentials in Config File Provider Plugin (CVE-2023-40339)

 - jenkins-plugins: blueocean: CSRF vulnerability in Blue Ocean Plugin allows capturing credentials (CVE-2023-40341)

 - jenkins: Arbitrary file read vulnerability through the CLI can lead to RCE (CVE-2024-23897)

 - jenkins: cross-site WebSocket hijacking (CVE-2024-23898)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL Jenkins / Jenkins-2-plugins packages based on the guidance in RHSA-2024:0778.

See Also

https://bugzilla.redhat.com/show_bug.cgi?id=2107376

https://bugzilla.redhat.com/show_bug.cgi?id=2126789

https://bugzilla.redhat.com/show_bug.cgi?id=2135435

https://bugzilla.redhat.com/show_bug.cgi?id=2164278

https://bugzilla.redhat.com/show_bug.cgi?id=2170039

https://bugzilla.redhat.com/show_bug.cgi?id=2170041

https://bugzilla.redhat.com/show_bug.cgi?id=2177632

https://bugzilla.redhat.com/show_bug.cgi?id=2177634

https://bugzilla.redhat.com/show_bug.cgi?id=2180530

https://bugzilla.redhat.com/show_bug.cgi?id=2215229

https://bugzilla.redhat.com/show_bug.cgi?id=2222710

https://bugzilla.redhat.com/show_bug.cgi?id=2227788

https://bugzilla.redhat.com/show_bug.cgi?id=2232422

https://bugzilla.redhat.com/show_bug.cgi?id=2232423

https://bugzilla.redhat.com/show_bug.cgi?id=2232425

https://bugzilla.redhat.com/show_bug.cgi?id=2232426

https://bugzilla.redhat.com/show_bug.cgi?id=2236340

https://bugzilla.redhat.com/show_bug.cgi?id=2236341

https://bugzilla.redhat.com/show_bug.cgi?id=2239634

https://bugzilla.redhat.com/show_bug.cgi?id=2260180

https://bugzilla.redhat.com/show_bug.cgi?id=2260182

https://issues.redhat.com/browse/JKNS-271

https://issues.redhat.com/browse/JKNS-289

https://issues.redhat.com/browse/OCPBUGS-10976

https://issues.redhat.com/browse/OCPBUGS-11158

https://issues.redhat.com/browse/OCPBUGS-11348

https://issues.redhat.com/browse/OCPBUGS-1357

https://issues.redhat.com/browse/OCPBUGS-13652

https://issues.redhat.com/browse/OCPBUGS-13901

https://issues.redhat.com/browse/OCPBUGS-14113

https://issues.redhat.com/browse/OCPBUGS-14393

https://issues.redhat.com/browse/OCPBUGS-14642

https://issues.redhat.com/browse/OCPBUGS-15648

https://issues.redhat.com/browse/OCPBUGS-1709

https://issues.redhat.com/browse/OCPBUGS-1942

https://issues.redhat.com/browse/OCPBUGS-2099

https://issues.redhat.com/browse/OCPBUGS-2184

https://issues.redhat.com/browse/OCPBUGS-2318

https://issues.redhat.com/browse/OCPBUGS-27391

https://issues.redhat.com/browse/OCPBUGS-3692

https://issues.redhat.com/browse/OCPBUGS-4819

https://issues.redhat.com/browse/OCPBUGS-4833

https://issues.redhat.com/browse/OCPBUGS-655

https://issues.redhat.com/browse/OCPBUGS-6632

https://issues.redhat.com/browse/OCPBUGS-6982

https://issues.redhat.com/browse/OCPBUGS-7016

https://issues.redhat.com/browse/OCPBUGS-7050

https://issues.redhat.com/browse/OCPBUGS-710

https://issues.redhat.com/browse/OCPBUGS-8420

https://issues.redhat.com/browse/OCPBUGS-8497

https://issues.redhat.com/browse/OCPTOOLS-246

http://www.nessus.org/u?86d07ef4

https://access.redhat.com/errata/RHSA-2024:0778

https://access.redhat.com/security/updates/classification/#important

https://bugzilla.redhat.com/show_bug.cgi?id=1856376

https://bugzilla.redhat.com/show_bug.cgi?id=1955739

https://bugzilla.redhat.com/show_bug.cgi?id=2066479

Plugin Details

Severity: Critical

ID: 194435

File Name: redhat-RHSA-2024-0778.nasl

Version: 1.1

Type: local

Agent: unix

Published: 4/29/2024

Updated: 4/30/2024

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.5

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2022-29599

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

CVSS Score Source: CVE-2024-23897

Vulnerability Information

CPE: cpe:/o:redhat:enterprise_linux:8, p-cpe:/a:redhat:enterprise_linux:jenkins, p-cpe:/a:redhat:enterprise_linux:jenkins-2-plugins

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/12/2024

Vulnerability Publication Date: 7/9/2020

Exploitable With

Core Impact

Metasploit (Apache Commons Text RCE)

Reference Information

CVE: CVE-2020-7692, CVE-2021-26291, CVE-2022-1962, CVE-2022-25857, CVE-2022-29599, CVE-2022-42889, CVE-2023-20861, CVE-2023-20862, CVE-2023-24422, CVE-2023-25761, CVE-2023-25762, CVE-2023-26048, CVE-2023-26049, CVE-2023-27903, CVE-2023-27904, CVE-2023-2976, CVE-2023-37947, CVE-2023-40167, CVE-2023-40337, CVE-2023-40338, CVE-2023-40339, CVE-2023-40341, CVE-2024-23897, CVE-2024-23898

CWE: 1188, 1286, 130, 1325, 20, 200, 266, 352, 358, 400, 459, 552, 601, 77, 770, 79, 88

RHSA: 2024:0778