Detections
Analytics

FreeBSD : jenkins -- multiple vulnerabilities (20a1881e-8a9e-11e8-bddf-d017c2ca229d)

high Nessus Plugin ID 111176

Language:

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Jenkins Security Advisory : Description(High) SECURITY-897 / CVE-2018-1999001 Users without Overall/Read permission can have Jenkins reset parts of global configuration on the next restart (High) SECURITY-914 / CVE-2018-1999002 Arbitrary file read vulnerability (Medium) SECURITY-891 / CVE-2018-1999003 Unauthorized users could cancel queued builds (Medium) SECURITY-892 / CVE-2018-1999004 Unauthorized users could initiate and abort agent launches (Medium) SECURITY-944 / CVE-2018-1999005 Stored XSS vulnerability (Medium) SECURITY-925 / CVE-2018-1999006 Unauthorized users are able to determine when a plugin was extracted from its JPI package (Medium) SECURITY-390 / CVE-2018-1999007 XSS vulnerability in Stapler debug mode

Solution

Update the affected packages.

See Also

https://jenkins.io/security/advisory/2018-07-18/

http://www.nessus.org/u?2b48e196

Plugin Details

Severity: High

ID: 111176

File Name: freebsd_pkg_20a1881e8a9e11e8bddfd017c2ca229d.nasl

Version: 1.5

Type: local

Published: 7/20/2018

Updated: 9/4/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2018-1999002

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2018-1999001

Vulnerability Information

CPE: cpe:/o:freebsd:freebsd, p-cpe:/a:freebsd:freebsd:jenkins-lts, p-cpe:/a:freebsd:freebsd:jenkins

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/18/2018

Vulnerability Publication Date: 7/18/2018

Reference Information

CVE: CVE-2018-1999001, CVE-2018-1999002, CVE-2018-1999003, CVE-2018-1999004, CVE-2018-1999005, CVE-2018-1999006, CVE-2018-1999007