Jenkins < 1.498 / 1.480.2 and Jenkins Enterprise 1.447.x / 1.466.x < 1.447.6.1 / 1.466.12.1 Unspecified Master Cryptographic Key Information Disclosure

Severity: Low, Nessus Plugin ID: 65055

Synopsis

The remote web server hosts a job scheduling / management system that
is affected by an information disclosure vulnerability.

Description

The remote web server hosts a version of Jenkins or Jenkins Enterprise
affected by an information disclosure vulnerability that could allow a
remote attacker to gain access to master cryptographic key
information. Attackers with this information may be able to execute
arbitrary code on the master host.

Solution

Upgrade to Jenkins 1.498 / 1.480.2, Jenkins Enterprise 1.447.6.1 /
1.466.12.1 or later.

See Also

http://www.nessus.org/u?0f8bc6d8

http://www.nessus.org/u?bd73e7b2

Plugin Details

Severity: Low

ID: 65055

File Name: jenkins_1_498.nasl

Version: 1.8

Type: remote

Family: CGI abuses

Published: 2013/03/06

Modified: 2018/11/15

Dependencies: 65054

Risk Information

Risk Factor: Low

CVSS v2.0

Base Score: 2.6

Temporal Score: 2.3

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:cloudbees:jenkins

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2013/01/07

Vulnerability Publication Date: 2013/01/07

Reference Information

CVE: CVE-2013-0158

BID: 57171