FreeBSD : jenkins -- multiple vulnerabilities (22dc4a22-d1e5-11e4-879c-00e0814cab4e)
High Nessus Plugin ID 82062
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
Jenkins Security Advisory:

Description

SECURITY-171, SECURITY-177 (Reflective XSS vulnerability)
An attacker without any access to Jenkins can navigate the user to a carefully crafted URL and have the user execute unintended actions. This vulnerability can be used to attack Jenkins inside firewalls from outside so long as the location of Jenkins is known to the attacker.

SECURITY-180 (forced API token change)
The part of Jenkins that issues a new API token was not adequately protected against anonymous attackers. This allows an attacker to escalate privileges on Jenkins.
Solution
Update the affected packages.