Jenkins < 1.551 / 1.532.2 and Jenkins Enterprise 1.509.x / 1.532.x < 1.509.5.1 / 1.532.2.2 Multiple Vulnerabilities

high Nessus Plugin ID 72685

Synopsis

The remote web server hosts a job scheduling / management system that is affected by multiple vulnerabilities.

Description

The remote web server hosts a version of Jenkins or Jenkins Enterprise that is affected by multiple vulnerabilities:

- A flaw in the default markup formatter allows cross-site scripting via the Description field in the user configuration. (CVE-2013-5573)

- A security bypass vulnerability allows remote authenticated attackers to change configurations and execute arbitrary jobs. (CVE-2013-7285, CVE-2013-7330, CVE-2014-2058)

- An unspecified flaw in the Winstone servlet allows remote attackers to hijack sessions. (CVE-2014-2060)

- An input control flaw in 'PasswordParameterDefinition' allows remote attackers to disclose sensitive information including passwords. (CVE-2014-2061)

- A security bypass vulnerability due to API tokens not being invalidated when a user is deleted. (CVE-2014-2062)

- An unspecified flaw allows remote attackers to conduct clickjacking attacks. (CVE-2014-2063)

- An information disclosure vulnerability in the 'loadUserByUsername' function allows remote attackers to determine whether a user exists via vectors related to failed login attempts. (CVE-2014-2064)

- A cross-site scripting vulnerability due to improper validation of input to the 'iconSize' cookie. (CVE-2014-2065)

- A session fixation vulnerability allows remote attackers to hijack web sessions. (CVE-2014-2066)

- An information disclosure vulnerability in the 'doIndex' function in 'hudson/util/RemotingDiagnostics.java' allows remote authenticated users with the 'ADMINISTRATOR' permission to obtain sensitive information via heapDump. (CVE-2014-2068)

Solution

Upgrade to Jenkins 1.551 / 1.532.2 or Jenkins Enterprise 1.509.5.1 / 1.532.2.2 or later.

See Also

http://www.nessus.org/u?0db81363

http://www.nessus.org/u?353dd087

Plugin Details

Severity: High

ID: 72685

File Name: jenkins_1_551.nasl

Version: 1.13

Type: combined

Agent: windows, macosx, unix

Family: CGI abuses

Published: 2/25/2014

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2014-2063

Vulnerability Information

CPE: cpe:/a:cloudbees:jenkins, cpe:/a:jenkins:jenkins

Required KB Items: installed_sw/Jenkins

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/14/2014

Vulnerability Publication Date: 2/14/2014

Reference Information

CVE: CVE-2013-5573, CVE-2013-7285, CVE-2013-7330, CVE-2014-2058, CVE-2014-2060, CVE-2014-2061, CVE-2014-2062, CVE-2014-2063, CVE-2014-2064, CVE-2014-2065, CVE-2014-2066, CVE-2014-2068

BID: 64414, 64760, 65694, 65718, 65720

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990