The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.17. It is, therefore, affected by multiple vulnerabilities including the following:

  - CSRF vulnerability and missing permission checks in Code Dx Plugin (CVE-2023-2195, CVE-2023-2631)

  - Missing permission checks in Code Dx Plugin (CVE-2023-2196)

  - API keys stored and displayed in plain text by Code Dx Plugin (CVE-2023-2632, CVE-2023-2633)

  - Stored XSS vulnerability in Pipeline: Job Plugin (CVE-2023-32977)

  - CSRF vulnerability in LDAP Plugin (CVE-2023-32978)

  - Missing permission check in Email Extension Plugin (CVE-2023-32979)

  - CSRF vulnerability in Email Extension Plugin (CVE-2023-32980)

  - Arbitrary file write vulnerability on agents in Pipeline Utility Steps Plugin (CVE-2023-32981)

  - Secrets stored and displayed in plain text by Ansible Plugin (CVE-2023-32982, CVE-2023-32983)

  - Stored XSS vulnerability in TestNG Results Plugin (CVE-2023-32984)

  - Path traversal vulnerability in Sidebar Link Plugin (CVE-2023-32985)

  - Arbitrary file write vulnerability in File Parameter Plugin (CVE-2023-32986)

  - CSRF vulnerability in Reverse Proxy Auth Plugin (CVE-2023-32987)

  - Missing permission check in Azure VM Agents Plugin allows enumerating credentials IDs (CVE-2023-32988)

  - CSRF vulnerability and missing permission checks in Azure VM Agents Plugin (CVE-2023-32989,     CVE-2023-32990)

  - CSRF vulnerability and missing permission checks in SAML Single Sign On(SSO) Plugin allow XXE     (CVE-2023-32991, CVE-2023-32992)

  - Missing hostname validation in SAML Single Sign On(SSO) Plugin (CVE-2023-32993)

  - SSL/TLS certificate validation unconditionally disabled by SAML Single Sign On(SSO) Plugin     (CVE-2023-32994)

  - CSRF vulnerability and missing permission check in SAML Single Sign On(SSO) Plugin (CVE-2023-32995,     CVE-2023-32996)

  - Session fixation vulnerability in CAS Plugin (CVE-2023-32997)

  - CSRF vulnerability and missing permission check in AppSpider Plugin (CVE-2023-32998, CVE-2023-32999)

  - Credentials displayed without masking by NS-ND Integration Performance Publisher Plugin (CVE-2023-33000)

  - Improper masking of credentials in HashiCorp Vault Plugin (CVE-2023-33001)

  - Stored XSS vulnerability in TestComplete support Plugin (CVE-2023-33002)

  - CSRF vulnerability and missing permission checks in Tag Profiler Plugin (CVE-2023-33003, CVE-2023-33004)

  - Session fixation vulnerability in WSO2 Oauth Plugin (CVE-2023-33005)

  - CSRF vulnerability in WSO2 Oauth Plugin (CVE-2023-33006)

  - Stored XSS vulnerability in LoadComplete support Plugin (CVE-2023-33007)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3625 advisory.

  - XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote     attacker to terminate the application with a stack overflow error, resulting in a denial of service only     via manipulation the processed input stream. The attack uses the hash code implementation for collections     and maps to force recursive hash calculation causing a stack overflow. This issue is patched in version     1.4.20 which handles the stack overflow and raises an InputManipulationException instead. A potential     workaround for users who only use HashMap or HashSet and whose XML refers these only as default map or     set, is to change the default implementation of java.util.Map and java.util per the code example in the     referenced advisory. However, this implies that your application does not care about the implementation of     the map and all elements are comparable. (CVE-2022-41966)

  - Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using ** as a pattern in Spring     Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring     Security and Spring MVC, and the potential for a security bypass. (CVE-2023-20860)

  - Jenkins Pipeline: Job Plugin does not escape the display name of the build that caused an earlier build to     be aborted, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able     to set build display names immediately. (CVE-2023-32977)

  - Jenkins Email Extension Plugin does not perform a permission check in a method implementing form     validation, allowing attackers with Overall/Read permission to check for the existence of files in the     email-templates/ directory in the Jenkins home directory on the controller file system. (CVE-2023-32979)

  - A cross-site request forgery (CSRF) vulnerability in Jenkins Email Extension Plugin allows attackers to     make another user stop watching an attacker-specified job. (CVE-2023-32980)

  - An arbitrary file write vulnerability in Jenkins Pipeline Utility Steps Plugin 2.15.2 and earlier allows     attackers able to provide crafted archives as parameters to create or replace arbitrary files on the agent     file system with attacker-specified content. (CVE-2023-32981)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3625 advisory.

    Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution     designed for on-premise or private cloud deployments.

    This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.62. See the     following advisory for the container images for this release:

    https://access.redhat.com/errata/RHSA-2023:3626

    Security Fix(es):

    * xstream: Denial of Service by injecting recursive collections or maps based on element's hash values     raising a stack overflow (CVE-2022-41966)

    * springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)

    * jenkins-2-plugin: workflow-job: Stored XSS vulnerability in Pipeline: Job Plugin (CVE-2023-32977)

    * jenkins-2-plugin: email-ext: Missing permission check in Email Extension Plugin (CVE-2023-32979)

    * jenkins-2-plugin: email-ext: CSRF vulnerability in Email Extension Plugin (CVE-2023-32980)

    * jenkins-2-plugin: pipeline-utility-steps: Arbitrary file write vulnerability on agents in Pipeline     Utility Steps Plugin (CVE-2023-32981)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    All OpenShift Container Platform 4.10 users are advised to upgrade to these updated packages and images     when they are available in the appropriate release channel. To check for available updates, use the     OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at     https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
175835	Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.17 Multiple Vulnerabilities (CloudBees Security Advisory 2023-05-16)	Nessus	CGI abuses	5/16/2023	6/4/2024	high
189419	RHCOS 4 : OpenShift Container Platform 4.10.62 (RHSA-2023:3625)	Nessus	Red Hat Local Security Checks	1/24/2024	1/24/2024	high
194326	RHEL 8 : OpenShift Container Platform 4.10.62 (RHSA-2023:3625)	Nessus	Red Hat Local Security Checks	4/28/2024	11/7/2024	high

Detections

Analytics

Plugins Search

high

high

high