Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows reading arbitrary files using the file browser for workspaces and archived artifacts by following symlinks.

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.222.x prior to 2.222.43.0.1, 2.249.x prior to 2.249.30.0.1, or 2.x prior to 2.263.2.2. It is, therefore, affected by multiple vulnerabilities, including the following:

  - Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure     various objects to inject crafted content into Old Data Monitor that results in the instantiation of     potentially unsafe objects once discarded by an administrator. (CVE-2021-21604)

  - Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows users with Agent/Configure permission to choose     agent names that cause Jenkins to override the global `config.xml` file. (CVE-2021-21605)

  - Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not correctly match requested URLs to the list of     always accessible paths, allowing attackers without Overall/Read permission to access some URLs as if they     did have Overall/Read permission. (CVE-2021-21609)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0429 advisory.

    Red Hat OpenShift Container Platform is Red Hat's cloud computing     Kubernetes application platform solution designed for on-premise or private     cloud deployments.

    This advisory contains the RPM packages for Red Hat OpenShift Container     Platform 4.5.33. See the following advisory for the container images for     this release:

    https://access.redhat.com/errata/RHSA-2021:0428

    Security Fix(es):

    * jenkins:  XSS vulnerability in notification bar (CVE-2021-21603)

    * jenkins:  Improper handling of REST API XML deserialization errors (CVE-2021-21604)

    * jenkins:  Path traversal vulnerability in agent names (CVE-2021-21605)

    * jenkins: Stored XSS vulnerability in button labels (CVE-2021-21608)

    * jenkins:  Reflected XSS vulnerability in markup formatter preview (CVE-2021-21610)

    * jenkins:  Stored XSS vulnerability on new item page (CVE-2021-21611)

    * ant: insecure temporary file vulnerability (CVE-2020-1945)

    * ant: insecure temporary file (CVE-2020-11979)

    * jenkins: Arbitrary file read vulnerability in workspace browsers (CVE-2021-21602)

    * jenkins:  Arbitrary file existence check in file fingerprints (CVE-2021-21606)

    * jenkins:  Excessive memory allocation in graph URLs leads to denial of service (CVE-2021-21607)

    * jenkins: Filesystem traversal by privileged users (CVE-2021-21615)

    * jenkins:  Missing permission check for paths with specific prefix (CVE-2021-21609)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0637 advisory.

    Red Hat OpenShift Container Platform is Red Hat's cloud computing     Kubernetes application platform solution designed for on-premise or private     cloud deployments.

    Security Fix(es):

    * jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks     (CVE-2020-2304)

    * jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks     (CVE-2020-2305)

    * ant: Insecure temporary file vulnerability (CVE-2020-1945)

    * jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information     disclosure (CVE-2020-2306)

    * jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes     plug-in (CVE-2020-2307)

    * jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates     (CVE-2020-2308)

    * jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes plug-in allows enumerating     credentials IDs (CVE-2020-2309)

    * ant: Insecure temporary file (CVE-2020-11979)

    * python-rsa: Bleichenbacher timing oracle attack against RSA decryption (CVE-2020-25658)

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE     page(s) listed in the References section.

    This advisory contains the RPM packages for Red Hat OpenShift Container     Platform 3.11.394. See the following advisory for the container images for this release:

    https://access.redhat.com/errata/RHBA-2021:0638

    Space precludes documenting all of the container images in this advisory. See the following Release Notes     documentation, which will be updated shortly for this release, for details about these changes:

    https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html

    This update fixes the following bugs among others:

    * Previously, the restart-cluster playbook did not evaluate the defined cluster size for ops clusters.
    This was causing come clusters to never complete their restart. This bug fix passes the logging ops     cluster size, allowing restarts of ops clusters to complete successfully. (BZ#1879407)

    * Previously, the `openshift_named_certificates` role checked the contents of the `ca-bundle.crt` file     during cluster installation. This caused the check to fail during initial installation because the `ca-     bundle.crt` file is not yet created in that scenario. This bug fix allows the cluster to skip checking the     `ca-bundle.crt` file if it does not exist, resulting in initial installations succeeding. (BZ#1920567)

    * Previously, if the `openshift_release` attribute was not set in the Ansible inventory file, the nodes of     the cluster would fail during an upgrade. This was caused by the `cluster_facts.yml` file being gathered     before the `openshift_release` attribute was defined by the upgrade playbook. Now the `cluster_facts.yml`     file is gathered after the `openshift_version` role runs and the `openshift_release` attribute is set,     allowing for successful node upgrades. (BZ#1921353)

    All OpenShift Container Platform 3.11 users are advised to upgrade to these updated packages and images.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:0423 advisory.

    Red Hat OpenShift Container Platform is Red Hat's cloud computing     Kubernetes application platform solution designed for on-premise or private     cloud deployments.

    This advisory contains the RPM packages for Red Hat OpenShift Container     Platform 4.6.17. See the following advisory for the container images for     this release:

    https://access.redhat.com/errata/RHBA-2021:0424

    Security Fix(es):

    * jenkins:  XSS vulnerability in notification bar (CVE-2021-21603)

    * jenkins:  Improper handling of REST API XML deserialization errors (CVE-2021-21604)

    * jenkins:  Path traversal vulnerability in agent names (CVE-2021-21605)

    * jenkins: Stored XSS vulnerability in button labels (CVE-2021-21608)

    * jenkins:  Reflected XSS vulnerability in markup formatter preview (CVE-2021-21610)

    * jenkins:  Stored XSS vulnerability on new item page (CVE-2021-21611)

    * ant: insecure temporary file vulnerability (CVE-2020-1945)

    * ant: insecure temporary file (CVE-2020-11979)

    * jenkins: Arbitrary file read vulnerability in workspace browsers (CVE-2021-21602)

    * jenkins:  Arbitrary file existence check in file fingerprints (CVE-2021-21606)

    * jenkins:  Excessive memory allocation in graph URLs leads to denial of service (CVE-2021-21607)

    * jenkins: Filesystem traversal by privileged users (CVE-2021-21615)

    * jenkins:  Missing permission check for paths with specific prefix (CVE-2021-21609)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Jenkins running on the remote web server is prior to 2.275 or is a version of Jenkins LTS prior to 2.263.2. It is, therefore, affected by multiple vulnerabilities, including the following:

  - Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows users with Agent/Configure permission to choose agent     names that cause Jenkins to override the global `config.xml` file. (CVE-2021-21605)

  - Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure various     objects to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe     objects once discarded by an administrator. (CVE-2021-21604)

  - Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not correctly match requested URLs to the list of always     accessible paths, allowing attackers without Overall/Read permission to access some URLs as if they did have     Overall/Read permission. (CVE-2021-21609)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
155715	Jenkins Enterprise and Operations Center < 2.222.43.0.1 / 2.249.30.0.1 / 2.263.2.2 Multiple Vulnerabilities (CloudBees Security Advisory 2021-01-13)	Nessus	CGI abuses	high
147015	RHEL 7 / 8 : OpenShift Container Platform 4.5.33 (RHSA-2021:0429)	Nessus	Red Hat Local Security Checks	high
147013	RHEL 7 : OpenShift Container Platform 3.11.394 (RHSA-2021:0637)	Nessus	Red Hat Local Security Checks	high
146566	RHEL 8 : OpenShift Container Platform 4.6.17 (RHSA-2021:0423)	Nessus	Red Hat Local Security Checks	high
145248	Jenkins < 2.263.2 LTS / 2.275 Multiple Vulnerabilities	Nessus	CGI abuses	high

Detections

Analytics

CVE-2021-21602

medium

Tenable Plugins

high

high

high

high

high