The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the c5dafd73-adfd-11ef-af27-00e081b7aa2d advisory.

    Jenkins Security Advisory:
    Denial of service vulnerability in bundled json-lib

Tenable has extracted the preceding description block directly from the FreeBSD security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:2222 advisory.

    Jenkins is a continuous integration server that monitors executions of repeated     jobs, such as building a software project or jobs run by cron.

    Security Fix(es):

    * org.jenkinsci.plugins/pipeline-model-definition: Jenkins Pipeline     Declarative Plugin Allows Restart of Builds with Unapproved     Jenkinsfile(CVE-2024-52551)
    * org.jenkins-ci.plugins/script-security: Jenkins Script Security Plugin     File Disclosure Vulnerability(CVE-2024-52549)
    * org.jenkins-ci.plugins.workflow/workflow-cps: Lack of Approval Check for     Rebuilt Jenkins Pipelines(CVE-2024-52550)
    * jenkins: XStream is vulnerable to a Denial of Service attack due to stack     overflow from a manipulated binary input stream(CVE-2024-47072)
    * jenkins: Mishandling of an unbalanced comment string in     json-lib(CVE-2024-47855)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments,     and other related information, refer to the CVE page listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string. (CVE-2024-47855)

Note that Nessus relies on the presence of the package as reported by the vendor.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:2218 advisory.

    Jenkins is a continuous integration server that monitors executions of repeated     jobs, such as building a software project or jobs run by cron.

    Security Fix(es):

    * org.jenkinsci.plugins/pipeline-model-definition: Jenkins Pipeline Declarative Plugin Allows Restart of     Builds with Unapproved Jenkinsfile(CVE-2024-52551)
    * org.jenkins-ci.plugins/script-security: Jenkins Script Security Plugin File Disclosure     Vulnerability(CVE-2024-52549)
    * org.jenkins-ci.plugins.workflow/workflow-cps: Lack of Approval Check for Rebuilt Jenkins     Pipelines(CVE-2024-52550)
    * jenkins: XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated     binary input stream(CVE-2024-47072)
    * jenkins: Mishandling of an unbalanced comment string in json-lib(CVE-2024-47855)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments,     and other related information, refer to the CVE page listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:2221 advisory.

    Jenkins is a continuous integration server that monitors executions of repeated     jobs, such as building a software project or jobs run by cron.

    Security Fix(es):

    * org.jenkinsci.plugins/pipeline-model-definition: Jenkins Pipeline     Declarative Plugin Allows Restart of Builds with Unapproved     Jenkinsfile(CVE-2024-52551)
    * org.jenkins-ci.plugins/script-security: Jenkins Script Security Plugin     File Disclosure Vulnerability(CVE-2024-52549)
    * org.jenkins-ci.plugins.workflow/workflow-cps: Lack of Approval Check for     Rebuilt Jenkins Pipelines(CVE-2024-52550)
    * jenkins: XStream is vulnerable to a Denial of Service attack due to stack     overflow from a manipulated binary input stream(CVE-2024-47072)
    * jenkins: Mishandling of an unbalanced comment string in     json-lib(CVE-2024-47855)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments,     and other related information, refer to the CVE page listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:2220 advisory.

    Jenkins is a continuous integration server that monitors executions of repeated     jobs, such as building a software project or jobs run by cron.

    Security Fix(es):

    * org.jenkinsci.plugins/pipeline-model-definition: Jenkins Pipeline     Declarative Plugin Allows Restart of Builds with Unapproved     Jenkinsfile(CVE-2024-52551)
    * org.jenkins-ci.plugins/script-security: Jenkins Script Security Plugin     File Disclosure Vulnerability(CVE-2024-52549)
    * org.jenkins-ci.plugins.workflow/workflow-cps: Lack of Approval Check for     Rebuilt Jenkins Pipelines(CVE-2024-52550)
    * jenkins: XStream is vulnerable to a Denial of Service attack due to stack     overflow from a manipulated binary input stream(CVE-2024-47072)
    * jenkins: Mishandling of an unbalanced comment string in     json-lib(CVE-2024-47855)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments,     and other related information, refer to the CVE page listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:2223 advisory.

    Jenkins is a continuous integration server that monitors executions of repeated     jobs, such as building a software project or jobs run by cron.

    Security Fix(es):

    * org.jenkinsci.plugins/pipeline-model-definition: Jenkins Pipeline     Declarative Plugin Allows Restart of Builds with Unapproved     Jenkinsfile(CVE-2024-52551)
    * org.jenkins-ci.plugins/script-security: Jenkins Script Security Plugin     File Disclosure Vulnerability(CVE-2024-52549)
    * org.jenkins-ci.plugins.workflow/workflow-cps: Lack of Approval Check for     Rebuilt Jenkins Pipelines(CVE-2024-52550)
    * jenkins: XStream is vulnerable to a Denial of Service attack due to stack     overflow from a manipulated binary input stream(CVE-2024-47072)
    * jenkins: Mishandling of an unbalanced comment string in     json-lib(CVE-2024-47855)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments,     and other related information, refer to the CVE page listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2024:3543-1 advisory.

    - CVE-2024-47855: Fixed mishandled unbalanced comment string (bsc#1231295)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:2219 advisory.

    Jenkins is a continuous integration server that monitors executions of repeated     jobs, such as building a software project or jobs run by cron.

    Security Fix(es):

    * org.jenkinsci.plugins/pipeline-model-definition: Jenkins Pipeline     Declarative Plugin Allows Restart of Builds with Unapproved     Jenkinsfile(CVE-2024-52551)
    * org.jenkins-ci.plugins/script-security: Jenkins Script Security Plugin     File Disclosure Vulnerability(CVE-2024-52549)
    * org.jenkins-ci.plugins.workflow/workflow-cps: Lack of Approval Check for     Rebuilt Jenkins Pipelines(CVE-2024-52550)
    * jenkins: XStream is vulnerable to a Denial of Service attack due to stack     overflow from a manipulated binary input stream(CVE-2024-47072)
    * jenkins: Mishandling of an unbalanced comment string in     json-lib(CVE-2024-47855)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments,     and other related information, refer to the CVE page listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities:

  - util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string. (CVE-2024-47855)

  - Jenkins Simple Queue Plugin 1.4.4 and earlier does not escape the view name, resulting in a stored cross-     site scripting (XSS) vulnerability exploitable by attackers with View/Create permission. (CVE-2024-54003)

  - Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does not restrict the path used for the File     system objects list Parameter, allowing attackers with Item/Configure permission to enumerate file names     on the Jenkins controller file system. (CVE-2024-54004)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
211972	FreeBSD : jenkins -- Denial of service vulnerability in bundled json-lib (c5dafd73-adfd-11ef-af27-00e081b7aa2d)	Nessus	FreeBSD Local Security Checks	11/30/2024	11/30/2024	medium
228830	RHEL 8 : Red Hat Product OCP Tools 4.13 Openshift Jenkins (RHSA-2025:2222)	Nessus	Red Hat Local Security Checks	3/5/2025	3/5/2025	high
229487	Linux Distros Unpatched Vulnerability : CVE-2024-47855	Nessus	Misc.	3/5/2025	3/5/2025	medium
228827	RHEL 9 : Red Hat Product OCP Tools 4.17 Openshift Jenkins (RHSA-2025:2218)	Nessus	Red Hat Local Security Checks	3/5/2025	3/5/2025	high
228829	RHEL 8 : Red Hat Product OCP Tools 4.14 Openshift Jenkins (RHSA-2025:2221)	Nessus	Red Hat Local Security Checks	3/5/2025	3/5/2025	high
228826	RHEL 8 : Red Hat Product OCP Tools 4.15 Openshift Jenkins (RHSA-2025:2220)	Nessus	Red Hat Local Security Checks	3/5/2025	3/5/2025	high
228832	RHEL 8 : Red Hat Product OCP Tools 4.12 Openshift Jenkins (RHSA-2025:2223)	Nessus	Red Hat Local Security Checks	3/5/2025	3/5/2025	high
208424	openSUSE 15 Security Update : json-lib (SUSE-SU-2024:3543-1)	Nessus	SuSE Local Security Checks	10/9/2024	11/8/2024	medium
228828	RHEL 9 : Red Hat Product OCP Tools 4.16 Openshift Jenkins (RHSA-2025:2219)	Nessus	Red Hat Local Security Checks	3/5/2025	3/5/2025	high
211917	Jenkins plugins Multiple Vulnerabilities (2024-11-27)	Nessus	CGI abuses	11/27/2024	11/28/2024	high

Detections

Analytics

Plugins Search

medium

high

medium

high

high

high

high

medium

high

high