Detections
Analytics

FreeBSD : jenkins -- multiple vulnerabilities (d846af5b-00f4-11e2-b6d0-00e0814cab4e)

high Nessus Plugin ID 62168

Language:

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Jenkins Security Advisory reports :

This advisory announces security vulnerabilities that were found in Jenkins core and several plugins.

- The first vulnerability in Jenkins core allows unprivileged users to insert data into Jenkins master, which can lead to remote code execution. For this vulnerability to be exploited, the attacker must have an HTTP access to a Jenkins master, and he must have a read access to Jenkins.

- The second vulnerability in Jenkins core is a cross-site scripting vulnerability. This allows an attacker to craft an URL that points to Jenkins, and if a legitimate user clicks this link, and the attacker will be able to hijack the user session.

- The third vulnerability is a cross-site scripting vulnerability in the Violations plugin

- The fourth vulnerability is a cross-site scripting vulnerability in The Continuous Integration Game plugin

Solution

Update the affected package.

See Also

http://www.nessus.org/u?b977eac7

http://www.nessus.org/u?252734f0

Plugin Details

Severity: High

ID: 62168

File Name: freebsd_pkg_d846af5b00f411e2b6d000e0814cab4e.nasl

Version: 1.5

Type: local

Published: 9/18/2012

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:jenkins, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 9/17/2012

Vulnerability Publication Date: 9/17/2012