If an attempt is made to create an item of a type prohibited by `ACL#hasCreatePermission2` or `TopLevelItemDescriptor#isApplicableIn(ItemGroup)` through the Jenkins CLI or the REST API and either of these checks fail, Jenkins 2.478 and earlier, LTS 2.462.2 and earlier creates the item in memory, only deleting it from disk, allowing attackers with Item/Configure permission to save the item to persist it, effectively bypassing the item creation restriction.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:8884 advisory.

    Jenkins is a continuous integration server that monitors executions of repeated     jobs, such as building a software project or jobs run by cron.

    Security Fixes:

    * jenkins: Item creation restriction bypass vulnerability (CVE-2024-47804)
    * jenkins: Exposure of multi-line secrets through error messages (CVE-2024-47803)
    * jenkins: Enabling Secure Server Identity Checks for Safer SMTPS Communication (CVE-2021-44549)
    * jenkins: Denial of service when processing a specially crafted Spring Expression Language expression     (CVE-2024-38808)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments,     and other related information, refer to the CVE page listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:8886 advisory.

    Jenkins is a continuous integration server that monitors executions of repeated     jobs, such as building a software project or jobs run by cron.

    Security Fix(es):

    * jenkins: Exposure of multi-line secrets through error messages (CVE-2024-47803)
    * jenkins: Item creation restriction bypass vulnerability (CVE-2024-47804)
    * jenkins: Enabling Secure Server Identity Checks for Safer SMTPS Communication (CVE-2021-44549)
    * jenkins: Denial of service when processing a specially crafted Spring Expression Language expression     (CVE-2024-38808)
    * jenkins-2-plugins: jenkins-plugin/script-security: sandbox bypass via crafted constructor bodies     (CVE-2024-34144)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments,     and other related information, refer to the CVE page listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:8885 advisory.

    Jenkins is a continuous integration server that monitors executions of repeated     jobs, such as building a software project or jobs run by cron.

    Security Fixes:

    * jenkins: Item creation restriction bypass vulnerability (CVE-2024-47804)
    * jenkins: Exposure of multi-line secrets through error messages     (CVE-2024-47803)
    * jenkins: Enabling Secure Server Identity Checks for Safer SMTPS Communication (CVE-2021-44549)
    * jenkins: Denial of service when processing a specially crafted Spring Expression Language expression     (CVE-2024-38808)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments,     and other related information, refer to the CVE page listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:8887 advisory.

    Jenkins is a continuous integration server that monitors executions of repeated     jobs, such as building a software project or jobs run by cron.

    Security Fix(es):

    * jenkins: Item creation restriction bypass vulnerability (CVE-2024-47804)
    * jenkins: Exposure of multi-line secrets through error messages     (CVE-2024-47803)
    * jenkins: Enabling Secure Server Identity Checks for Safer SMTPS Communication     (CVE-2021-44549)
    * jenkins: Denial of service when processing a specially crafted Spring Expression Language expression     (CVE-2024-38808)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments,     and other related information, refer to the CVE page listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 3c6f8270-3210-4e2f-ba72-a9cdca7417a0 advisory.

    Jenkins Security Advisory:
    Exposure of multi-line secrets through error messages in Jenkins     Item creation restriction bypass vulnerability in Jenkins

Tenable has extracted the preceding description block directly from the FreeBSD security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to its its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.462.3 or Jenkins weekly prior to 2.479. It is, therefore, affected by multiple vulnerabilities:

  - Jenkins 2.478 and earlier, LTS 2.462.2 and earlier does not redact multi-line secret values in error     messages generated for form submissions involving the `secretTextarea` form field. (CVE-2024-47803)

  - If an attempt is made to create an item of a type prohibited by `ACL#hasCreatePermission2` or     `TopLevelItemDescriptor#isApplicableIn(ItemGroup)` through the Jenkins CLI or the REST API and either of     these checks fail, Jenkins 2.478 and earlier, LTS 2.462.2 and earlier creates the item in memory, only     deleting it from disk, allowing attackers with Item/Configure permission to save the item to persist it,     effectively bypassing the item creation restriction. (CVE-2024-47804)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
210367	RHEL 8 : Red Hat Product OCP Tools 4.15 Openshift Jenkins (RHSA-2024:8884)	Nessus	Red Hat Local Security Checks	high
210366	RHEL 8 : Red Hat Product OCP Tools 4.12 Openshift Jenkins (RHSA-2024:8886)	Nessus	Red Hat Local Security Checks	high
210365	RHEL 8 : Red Hat Product OCP Tools 4.14 Openshift Jenkins (RHSA-2024:8885)	Nessus	Red Hat Local Security Checks	high
210364	RHEL 8 : Red Hat Product OCP Tools 4.13 Openshift Jenkins (RHSA-2024:8887)	Nessus	Red Hat Local Security Checks	high
208146	FreeBSD : jenkins -- multiple vulnerabilities (3c6f8270-3210-4e2f-ba72-a9cdca7417a0)	Nessus	FreeBSD Local Security Checks	medium
208098	Jenkins LTS < 2.462.3 / Jenkins weekly < 2.479 Multiple Vulnerabilities	Nessus	CGI abuses	medium

Detections

Analytics

CVE-2024-47804

medium

Tenable Plugins

high

high

high

high

medium

medium