Jenkins LTS < 2.303.2 / Jenkins weekly < 2.315 Multiple Vulnerabilities

medium Nessus Plugin ID 154055

Synopsis

An application running on a remote web server host is affected by multiple vulnerabilities

Description

According to its its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.303.2 or Jenkins weekly prior to 2.315. It is, therefore, affected by multiple vulnerabilities:

- Jenkins 2.314 and earlier, LTS 2.303.1 and earlier accepts names of jobs and other entities with a trailing dot character, potentially replacing the configuration and data of other entities on Windows.
(CVE-2021-21682)

- org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the- middle attackers to spoof SSL servers via a CN= string in a field in the distinguished name (DN) of a certificate, as demonstrated by the foo,CN=www.apache.org string in the O field. (CVE-2014-3577)

- The file browser in Jenkins 2.314 and earlier, LTS 2.303.1 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Overall/Read permission (Windows controller) or Job/Workspace permission (Windows agents) to obtain the contents of arbitrary files. (CVE-2021-21683)

- Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 checksum parameters provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting (XSS) vulnerability. (CVE-2021-21684)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade Jenkins weekly to version 2.315 or later or Jenkins LTS to version 2.303.2 or later

See Also

https://jenkins.io/security/advisory/2021-10-06

Plugin Details

Severity: Medium

ID: 154055

File Name: jenkins_2_315.nasl

Version: 1.8

Type: combined

Agent: windows, macosx, unix

Family: CGI abuses

Published: 10/13/2021

Updated: 6/5/2024

Configuration: Enable thorough checks

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Enable CGI Scanning: true

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Temporal Score: 4.5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS Score Source: CVE-2014-3577

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.9

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2021-21683

Vulnerability Information

CPE: cpe:/a:jenkins:jenkins, cpe:/a:cloudbees:jenkins

Required KB Items: installed_sw/Jenkins

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/6/2021

Vulnerability Publication Date: 8/12/2014

Reference Information

CVE: CVE-2014-3577, CVE-2021-21682, CVE-2021-21683, CVE-2021-21684

IAVA: 2021-A-0460-S