FreeBSD : jenkins -- multiple vulnerabilities (22dc4a22-d1e5-11e4-879c-00e0814cab4e)

High Nessus Plugin ID 82062


The remote FreeBSD host is missing one or more security-related updates.


Jenkins Security Advisory :

Description

SECURITY-171, SECURITY-177 (Reflective XSS vulnerability): An attacker without any access to Jenkins can navigate the user to a carefully crafted URL and have the user execute unintended actions. This vulnerability can be used to attack Jenkins inside firewalls from outside so long as the location of Jenkins is known to the attacker.

SECURITY-180 (forced API token change): The part of Jenkins that issues a new API token was not adequately protected against anonymous attackers. This allows an attacker to escalate privileges on Jenkins.


Update the affected packages.

Plugin Details

Severity: High

ID: 82062

File Name: freebsd_pkg_22dc4a22d1e511e4879c00e0814cab4e.nasl

Version: $Revision: 1.1 $

Type: local

Published: 2015/03/25

Modified: 2015/03/25

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:jenkins, p-cpe:/a:freebsd:freebsd:jenkins-lts, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2015/03/24

Vulnerability Publication Date: 2015/03/23