The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5198 advisory.

    Two security vulnerabilities were discovered in Jetty, a Java servlet engine and webserver. CVE-2022-2047     In Eclipse Jetty the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class     improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.
    CVE-2022-2048 In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request,     the error handling has a bug that can wind up not properly cleaning up the active connections and     associated resources. This can lead to a Denial of Service scenario where there are no enough resources     left to process good requests. For the stable distribution (bullseye), these problems have been fixed in     version 9.4.39-3+deb11u1. We recommend that you upgrade your jetty9 packages. For the detailed security     status of jetty9 please refer to its security tracker page at: https://security-     tracker.debian.org/tracker/jetty9

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3079 advisory.

    -------------------------------------------------------------------------     Debian LTS Advisory DLA-3079-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                      Markus Koschany     August 22, 2022                               https://wiki.debian.org/LTS
    -------------------------------------------------------------------------

    Package        : jetty9     Version        : 9.4.16-0+deb10u2     CVE ID         : CVE-2022-2047 CVE-2022-2048

    Two security vulnerabilities were discovered in Jetty, a Java servlet engine     and webserver.

    CVE-2022-2047

        In Eclipse Jetty the parsing of the authority segment of an http scheme         URI, the Jetty HttpURI class improperly detects an invalid input as a         hostname. This can lead to failures in a Proxy scenario.

    CVE-2022-2048

        In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid         HTTP/2 request, the error handling has a bug that can wind up not properly         cleaning up the active connections and associated resources. This can lead         to a Denial of Service scenario where there are no enough resources left to         process good requests.


    For Debian 10 buster, these problems have been fixed in version     9.4.16-0+deb10u2.

    We recommend that you upgrade your jetty9 packages.

    For the detailed security status of jetty9 please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/jetty9

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS     Attachment:
    signature.asc     Description: This is a digitally signed message part

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0017 advisory.

  - In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error     handling has a bug that can wind up not properly cleaning up the active connections and associated     resources. This can lead to a Denial of Service scenario where there are no enough resources left to     process good requests. (CVE-2022-2048)

  - Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a_4eb_b_e039 and earlier, except 2.21.3, allows     attackers able to submit pull requests (or equivalent), but not able to commit directly to the configured     SCM, to effectively change the Pipeline behavior by changing the definition of a dynamically retrieved     library in their pull request, even if the Pipeline is configured to not trust them. (CVE-2022-29047)

  - Jenkins Pipeline: Groovy Plugin 2689.v434009a_31b_f1 and earlier allows loading any Groovy source files on     the classpath of Jenkins and Jenkins plugins in sandboxed pipelines. (CVE-2022-30945)

  - A cross-site request forgery (CSRF) vulnerability in Jenkins Script Security Plugin 1158.v7c1b_73a_69a_08     and earlier allows attackers to have Jenkins send an HTTP request to an attacker-specified webserver.
    (CVE-2022-30946)

  - Jenkins Mercurial Plugin 2.16 and earlier allows attackers able to configure pipelines to check out some     SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining     limited information about other projects' SCM contents. (CVE-2022-30948)

  - Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allows attackers with Job/Configure     permission to access credentials with attacker-specified IDs stored in the private per-user credentials     stores of any attacker-specified user in Jenkins. (CVE-2022-30952)

  - A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows     attackers to connect to an attacker-specified HTTP server. (CVE-2022-30953)

  - Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP     endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP     server. (CVE-2022-30954)

  - In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form     allows distinguishing between login attempts with an invalid username, and login attempts with a valid     username and wrong password, when using the Jenkins user database security realm. (CVE-2022-34174)

  - Jenkins JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results,     resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update     permission. (CVE-2022-34176)

  - Jenkins Pipeline: Input Step Plugin 448.v37cea_9a_10a_70 and earlier archives files uploaded for `file`     parameters for Pipeline `input` steps on the controller as part of build metadata, using the parameter     name without sanitization as a relative path inside a build-related directory, allowing attackers able to     configure Pipelines to create or replace arbitrary files on the Jenkins controller file system with     attacker-specified content. (CVE-2022-34177)

  - jenkins-plugin: Man-in-the-Middle (MitM) in org.jenkins-ci.plugins:git-client (CVE-2022-36881)

  - A cross-site request forgery (CSRF) vulnerability in Jenkins Git Plugin 4.11.3 and earlier allows     attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause     them to check out an attacker-specified commit. (CVE-2022-36882)

  - A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to     trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check     out an attacker-specified commit. (CVE-2022-36883)

  - The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provide unauthenticated attackers     information about the existence of jobs configured to use an attacker-specified Git repository.
    (CVE-2022-36884)

  - Jenkins GitHub Plugin 1.34.4 and earlier uses a non-constant time comparison function when checking     whether the provided and computed webhook signatures are equal, allowing attackers to use statistical     methods to obtain a valid webhook signature. (CVE-2022-36885)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error     handling has a bug that can wind up not properly cleaning up the active connections and associated     resources. This can lead to a Denial of Service scenario where there are no enough resources left to     process good requests. (CVE-2022-2048)

Note that Nessus relies on the presence of the package as reported by the vendor.

The versions of Oracle Siebel CRM installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2023 CPU advisory.

  - Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: EAI (JSON-java)). Supported     versions that are affected are 23.5 and prior. Easily exploitable vulnerability allows unauthenticated     attacker with network access via HTTP to compromise Siebel CRM. Successful attacks of this vulnerability     can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel     CRM. (CVE-2020-15250, CVE-2022-45688)

  - Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: Siebel Core (Apache ZooKeeper)).
    Supported versions that are affected are 23.5 and prior. Easily exploitable vulnerability allows     unauthenticated attacker with network access via HTTP to compromise Siebel CRM. Successful attacks of this     vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete     DOS) of Siebel CRM. (CVE-2020-36518, CVE-2020-9493, CVE-2021-21295, CVE-2021-37533, CVE-2022-2048,     CVE-2022-23307, CVE-2022-41915, CVE-2022-42003, CVE-2022-42004)

  - Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: UI Framework (jQueryUI)).
    Supported versions that are affected are 23.5 and prior. Easily exploitable vulnerability allows     unauthenticated attacker with network access via HTTP to compromise Siebel CRM. Successful attacks require     human interaction from a person other than the attacker and while the vulnerability is in Siebel CRM,     attacks may significantly impact additional products (scope change). Successful attacks of this     vulnerability can result in unauthorized update, insert or delete access to some of Siebel CRM accessible     data as well as unauthorized read access to a subset of Siebel CRM accessible data. (CVE-2022-31160)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0017 advisory.

    Red Hat OpenShift Container Platform is Red Hat's cloud computing     Kubernetes application platform solution designed for on-premise or private     cloud deployments.

    This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.8.56. See the following     advisory for the container images for this release:

    https://access.redhat.com/errata/RHBA-2023:0018

    Security Fix(es):

    * Pipeline Shared Groovy Libraries: Untrusted users can modify some     Pipeline libraries in Pipeline Shared Groovy Libraries Plugin     (CVE-2022-29047)
    * Jenkins plugin: Sandbox bypass vulnerability through implicitly     allowlisted platform Groovy files in Pipeline: Groovy Plugin     (CVE-2022-30945)
    * Jenkins plugin: Mercurial SCM plugin can check out from the controller     file system (CVE-2022-30948)
    * jenkins-plugin: Arbitrary file write vulnerability in Pipeline Input Step     Plugin (CVE-2022-34177)
    * jenkins-plugin: Man-in-the-Middle (MitM) in     org.jenkins-ci.plugins:git-client (CVE-2022-36881)
    * http2-server: Invalid HTTP/2 requests cause DoS (CVE-2022-2048)
    * Jenkins plugin: CSRF vulnerability in Script Security Plugin     (CVE-2022-30946)
    * Jenkins plugin: User-scoped credentials exposed to other users by     Pipeline SCM API for Blue Ocean Plugin (CVE-2022-30952)
    * Jenkins plugin: CSRF vulnerability in Blue Ocean Plugin (CVE-2022-30953)
    * Jenkins plugin: missing permission checks in Blue Ocean Plugin     (CVE-2022-30954)
    * jenkins: Observable timing discrepancy allows determining username     validity (CVE-2022-34174)
    * jenkins-plugin/junit: Stored XSS vulnerability in JUnit Plugin     (CVE-2022-34176)
    * jenkins-plugin: Cross-site Request Forgery (CSRF) in     org.jenkins-ci.plugins:git (CVE-2022-36882)
    * jenkins plugin: Lack of authentication mechanism in Git Plugin webhook     (CVE-2022-36883)
    * jenkins plugin: Lack of authentication mechanism in Git Plugin webhook     (CVE-2022-36884)
    * jenkins plugin: Non-constant time webhook signature comparison in GitHub     Plugin (CVE-2022-36885)

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE     page(s)     listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0390 advisory.

    Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:

    CVE-2024-13009:
    In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip     error when inflating a request     body. This can result in corrupted and/or inadvertent sharing of data between requests.

    CVE-2024-22201:
    Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP     congested will be leaked when it times out. An attacker can cause many connections to end up in this     state, and the server may run out of file descriptors, eventually causing the server to stop accepting new     connections from valid clients. The vulnerability is patched in 9.4.54, 10.0.20, 11.0.20, and 12.0.6.

    CVE-2023-36478:
    Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0     through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in `MetaDataBuilder.checkSize` allows for     HTTP/2 HPACK header values to     exceed their size limit. `MetaDataBuilder.java` determines if a header name or value exceeds the size     limit, and throws an exception if the limit is exceeded. However, when length is very large and huffman is     true, the multiplication by 4 in line 295     will overflow, and length will become negative. `(_size+length)` will now be negative, and the check on     line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK     header value sizes to be negative, potentially leading to a very large buffer allocation later on when the     user-entered size is multiplied by 2. This means that if a user provides a negative length value (or, more     precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length     value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to     be allocated on the server. Users of HTTP/2 can be impacted by a remote denial of service attack. The     issue has been fixed in versions 11.0.16, 10.0.16, and 9.4.53. There are no known workarounds.

    CVE-2022-2048:
    In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error     handling has a bug that can wind up not properly cleaning up the active connections and associated     resources. This can lead to a Denial of Service scenario where there are no enough resources left to     process good requests.

Tenable has extracted the preceding description block directly from the Tencent Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3663 advisory.

    Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a     software project or jobs run by cron.

    Security Fix(es):

    * xstream: Denial of Service by injecting recursive collections or maps based on element's hash values     raising a stack overflow (CVE-2022-41966)

    * json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)     (CVE-2023-1370)

    * springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)

    * log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging (CVE-2023-26464)

    * Jenkins: XSS vulnerability in plugin manager (CVE-2023-27898)

    * Jenkins: Temporary plugin file created with insecure permissions (CVE-2023-27899)

    * jenkins-2-plugin: workflow-job: Stored XSS vulnerability in Pipeline: Job Plugin (CVE-2023-32977)

    * http2-server: Invalid HTTP/2 requests cause DoS (CVE-2022-2048)

    * springframework: BCrypt skips salt rounds for work factor of 31 (CVE-2022-22976)

    * jettison: parser crash by stackoverflow (CVE-2022-40149)

    * jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)

    * jackson-databind: use of deeply nested arrays (CVE-2022-42004)

    * jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)

    * jenkins-2-plugin: pipeline-utility-steps: Arbitrary file write vulnerability on agents in Pipeline     Utility Steps Plugin (CVE-2023-32981)

    * jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)

    * Jenkins: Temporary file parameter created with insecure permissions (CVE-2023-27903)

    * Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to its its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.361.1 or Jenkins weekly prior to 2.363. It is, therefore, affected by a vulnerability:

  - In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error     handling has a bug that can wind up not properly cleaning up the active connections and associated     resources. This can lead to a Denial of Service scenario where there are no enough resources left to     process good requests. (CVE-2022-2048)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0777 advisory.

  - PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use     of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the     client that issued the initial authorization request is the one that will be authorized. An attacker is     able to obtain the authorization code using a malicious app on the client-side and use it to gain     authorization to the protected resource. This affects the package com.google.oauth-client:google-oauth-     client before 1.31.0. (CVE-2020-7692)

  - SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization.
    Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using     SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. We recommend     upgrading to version 2.0 and beyond. (CVE-2022-1471)

  - In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error     handling has a bug that can wind up not properly cleaning up the active connections and associated     resources. This can lead to a Denial of Service scenario where there are no enough resources left to     process good requests. (CVE-2022-2048)

  - The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due     missing to nested depth limitation for collections. (CVE-2022-25857)

  - A cross-site request forgery (CSRF) vulnerability in Jenkins Script Security Plugin 1158.v7c1b_73a_69a_08     and earlier allows attackers to have Jenkins send an HTTP request to an attacker-specified webserver.
    (CVE-2022-30946)

  - Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allows attackers with Job/Configure     permission to access credentials with attacker-specified IDs stored in the private per-user credentials     stores of any attacker-specified user in Jenkins. (CVE-2022-30952)

  - A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows     attackers to connect to an attacker-specified HTTP server. (CVE-2022-30953)

  - Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP     endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP     server. (CVE-2022-30954)

  - In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form     allows distinguishing between login attempts with an invalid username, and login attempts with a valid     username and wrong password, when using the Jenkins user database security realm. (CVE-2022-34174)

  - A cross-site request forgery (CSRF) vulnerability in Jenkins Git Plugin 4.11.3 and earlier allows     attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause     them to check out an attacker-specified commit. (CVE-2022-36882)

  - A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to     trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check     out an attacker-specified commit. (CVE-2022-36883)

  - The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provide unauthenticated attackers     information about the existence of jobs configured to use an attacker-specified Git repository.
    (CVE-2022-36884)

  - Jenkins GitHub Plugin 1.34.4 and earlier uses a non-constant time comparison function when checking     whether the provided and computed webhook signatures are equal, allowing attackers to use statistical     methods to obtain a valid webhook signature. (CVE-2022-36885)

  - A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime     in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to     define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute     arbitrary code in the context of the Jenkins controller JVM. (CVE-2022-43401)

  - A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime     in Jenkins Pipeline: Groovy Plugin 2802.v5ea_628154b_c2 and earlier allows attackers with permission to     define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute     arbitrary code in the context of the Jenkins controller JVM. (CVE-2022-43402)

  - A sandbox bypass vulnerability involving casting an array-like value to an array type in Jenkins Script     Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run     sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the     context of the Jenkins controller JVM. (CVE-2022-43403)

  - A sandbox bypass vulnerability involving crafted constructor bodies and calls to sandbox-generated     synthetic constructors in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows     attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox     protection and execute arbitrary code in the context of the Jenkins controller JVM. (CVE-2022-43404)

  - A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Libraries Plugin 612.v84da_9c54906d and earlier     allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed     scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context     of the Jenkins controller JVM. (CVE-2022-43405)

  - A sandbox bypass vulnerability in Jenkins Pipeline: Deprecated Groovy Libraries Plugin 583.vf3b_454e43966     and earlier allows attackers with permission to define untrusted Pipeline libraries and to define and run     sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the     context of the Jenkins controller JVM. (CVE-2022-43406)

  - Jenkins Pipeline: Input Step Plugin 451.vf1a_a_4f405289 and earlier does not restrict or sanitize the     optionally specified ID of the 'input' step, which is used for the URLs that process user interactions for     the given 'input' step (proceed or abort) and is not correctly encoded, allowing attackers able to     configure Pipelines to have Jenkins build URLs from 'input' step IDs that would bypass the CSRF protection     of any target URL in Jenkins when the 'input' step is interacted with. (CVE-2022-43407)

  - Jenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of 'input' steps     when using it to generate URLs to proceed or abort Pipeline builds, allowing attackers able to configure     Pipelines to specify 'input' step IDs resulting in URLs that would bypass the CSRF protection of any     target URL in Jenkins. (CVE-2022-43408)

  - Jenkins Pipeline: Supporting APIs Plugin 838.va_3a_087b_4055b and earlier does not sanitize or properly     encode URLs of hyperlinks sending POST requests in build logs, resulting in a stored cross-site scripting     (XSS) vulnerability exploitable by attackers able to create Pipelines. (CVE-2022-43409)

  - Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses     Java deserialization to load a serialized java.security.PrivateKey. The class is one of several     implementations that an implementor using Apache MINA SSHD can choose for loading the host keys of an SSH     server. (CVE-2022-45047)

  - Jenkins Script Security Plugin 1189.vb_a_b_7c8fd5fde and earlier stores whole-script approvals as the     SHA-1 hash of the script, making it vulnerable to collision attacks. (CVE-2022-45379)

  - Jenkins JUnit Plugin 1159.v0b_396e1e07dd and earlier converts HTTP(S) URLs in test report output to     clickable links in an unsafe manner, resulting in a stored cross-site scripting (XSS) vulnerability     exploitable by attackers with Item/Configure permission. (CVE-2022-45380)

  - Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix     interpolators and bundles versions of Apache Commons Configuration library that enable the 'file:' prefix     interpolator by default, allowing attackers able to configure Pipelines to read arbitrary files from the     Jenkins controller file system. (CVE-2022-45381)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0777 advisory.

    Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution     designed for on-premise or private cloud deployments.

    This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.9.56. See the following     advisory for the container images for this release:

    https://access.redhat.com/errata/RHSA-2023:0778

    Security Fix(es):

    * jenkins-plugin/script-security: Sandbox bypass vulnerabilities in Jenkins Script Security Plugin     (CVE-2022-43401)

    * jenkins-plugin/workflow-cps: Sandbox bypass vulnerabilities in Pipeline: Groovy Plugin (CVE-2022-43402)

    * jenkins-plugin/script-security: Sandbox bypass vulnerabilities in Jenkins Script Security Plugin     (CVE-2022-43403)

    * jenkins-plugin/script-security: Sandbox bypass vulnerabilities in Jenkins Script Security Plugin     (CVE-2022-43404)

    * jenkins-plugin/pipeline-groovy-lib: Sandbox bypass vulnerability in Pipeline: Groovy Libraries Plugin     (CVE-2022-43405)

    * jenkins-plugin/workflow-cps-global-lib: Sandbox bypass vulnerability in Pipeline: Deprecated Groovy     Libraries Plugin (CVE-2022-43406)

    * google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can     lead to improper authorization (CVE-2020-7692)

    * SnakeYaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)

    * snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)

    * jenkins-plugin/pipeline-input-step: CSRF protection for any URL can be bypassed in Pipeline: Input Step     Plugin (CVE-2022-43407)

    * mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)

    * jenkins-plugin/script-security: Whole-script approval in Script Security Plugin vulnerable to SHA-1     collisions (CVE-2022-45379)

    * jenkins-plugin/JUnit: Stored XSS vulnerability in JUnit Plugin (CVE-2022-45380)

    * jenkins-plugin/pipeline-utility-steps: Arbitrary file read vulnerability in Pipeline Utility Steps     Plugin (CVE-2022-45381)

    * http2-server: Invalid HTTP/2 requests cause DoS (CVE-2022-2048)

    * Jenkins plugin: CSRF vulnerability in Script Security Plugin (CVE-2022-30946)

    * Jenkins plugin: User-scoped credentials exposed to other users by Pipeline SCM API for Blue Ocean Plugin     (CVE-2022-30952)

    * Jenkins plugin: CSRF vulnerability in Blue Ocean Plugin (CVE-2022-30953)

    * Jenkins plugin: missing permission checks in Blue Ocean Plugin (CVE-2022-30954)

    * jenkins: Observable timing discrepancy allows determining username validity (CVE-2022-34174)

    * jenkins-plugin: Cross-site Request Forgery (CSRF) in org.jenkins-ci.plugins:git (CVE-2022-36882)

    * jenkins plugin: Lack of authentication mechanism in Git Plugin webhook (CVE-2022-36883)

    * jenkins plugin: Lack of authentication mechanism in Git Plugin webhook (CVE-2022-36884)

    * jenkins plugin: Non-constant time webhook signature comparison in GitHub Plugin (CVE-2022-36885)

    * jenkins-plugin/pipeline-stage-view: CSRF protection for any URL can be bypassed in Pipeline: Stage View     Plugin (CVE-2022-43408)

    * jenkins-plugin/workflow-support: Stored XSS vulnerability in Pipeline: Supporting APIs Plugin     (CVE-2022-43409)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    All OpenShift Container Platform 4.9 users are advised to upgrade to these updated packages and images     when they are available in the appropriate release channel. To check for available updates, use the     OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at     https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The 19c and 21c versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2022 CPU advisory.

  - Vulnerability in the Oracle Database - Machine Learning (Numpy) component of Oracle Database Server. The     supported version that is affected is 21c. Easily exploitable vulnerability allows low privileged attacker     having Create Session privilege with network access via Oracle Net to compromise Oracle Database - Machine     Learning (Numpy). (CVE-2021-41495)  

  - Vulnerability in the Spatial and Graph (jackson-databind) component of Oracle Database Server. Supported     versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker     having Authenticated User privilege with network access via HTTP to compromise Spatial and     Graph (jackson-databind). Successful attacks of this vulnerability can result in unauthorized ability to     cause a hang or frequently repeatable crash (complete DOS) of Spatial and Graph (jackson-databind).
    (CVE-2020-36518)

  - Vulnerability in the Oracle Notification Server (PCRE2) component of Oracle Database Server. Supported     versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged     attacker having Subscriber privilege with network access via HTTP to compromise Oracle Notification     Server (PCRE2). Successful attacks of this vulnerability can result in unauthorized ability to cause     a hang or frequently repeatable crash (complete DOS) of Oracle Notification Server (PCRE2).
    Note: This vulnerability applies to Windows systems only. (CVE-2022-1587)

  - Vulnerability in the Oracle Database - Advanced Queuing component of Oracle Database Server. The supported     version that is affected is 19c. Easily exploitable vulnerability allows high privileged attacker having     DBA user privilege with network access via Oracle Net to compromise Oracle Database - Advanced Queuing.
    Successful attacks of this vulnerability can result in takeover of Oracle Database - Advanced Queuing.
    (CVE-2022-21596)

  - Vulnerability in the Oracle Database - Sharding component of Oracle Database Server. Supported versions     that are affected are 19c and 21c. Easily exploitable vulnerability allows high privileged attacker having     Local Logon privilege with network access via Local Logon to compromise Oracle Database - Sharding.
    Successful attacks of this vulnerability can result in takeover of Oracle Database - Sharding.
    (CVE-2022-21603)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
163753	Debian DSA-5198-1 : jetty9 - security update	Nessus	Debian Local Security Checks	8/3/2022	1/24/2025	low
164323	Debian dla-3079 : jetty9 - security update	Nessus	Debian Local Security Checks	8/22/2022	1/22/2025	low
189418	RHCOS 4 : OpenShift Container Platform 4.8.56 (RHSA-2023:0017)	Nessus	Red Hat Local Security Checks	1/24/2024	1/24/2024	high
255395	Linux Distros Unpatched Vulnerability : CVE-2022-2048	Nessus	Misc.	8/26/2025	8/26/2025	high
212439	Oracle Siebel Server <= 23.5 (July 2023 CPU)	Nessus	Misc.	12/11/2024	12/12/2024	critical
194338	RHEL 8 : OpenShift Container Platform 4.8.56 (RHSA-2023:0017)	Nessus	Red Hat Local Security Checks	4/28/2024	11/7/2024	high
241484	TencentOS Server 4: jetty (TSSA-2025:0390)	Nessus	Tencent Local Security Checks	7/7/2025	12/4/2025	high
194242	RHEL 8 : jenkins and jenkins-2-plugins (RHSA-2023:3663)	Nessus	Red Hat Local Security Checks	4/28/2024	11/7/2024	critical
164898	Jenkins LTS < 2.361.1 / Jenkins weekly < 2.363	Nessus	CGI abuses	9/9/2022	6/4/2024	high
189442	RHCOS 4 : OpenShift Container Platform 4.9.56 (RHSA-2023:0777)	Nessus	Red Hat Local Security Checks	1/24/2024	1/24/2024	critical
193747	RHEL 8 : OpenShift Container Platform 4.9.56 (RHSA-2023:0777)	Nessus	Red Hat Local Security Checks	4/23/2024	11/7/2024	critical
166370	Oracle Database Server (Oct 2022 CPU)	Nessus	Databases	10/21/2022	10/24/2023	critical

Detections

Analytics

Plugins Search

low

low

high

high

critical

high

high

critical

high

critical

critical

critical