The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:2205 advisory.

  - credentials: Stored XSS vulnerabilities in jenkins plugin (CVE-2022-29036)

  - Jira: Stored XSS vulnerabilities in Jenkins Jira plugin (CVE-2022-29041)

  - subversion: Stored XSS vulnerabilities in Jenkins subversion plugin (CVE-2022-29046)

  - Pipeline Shared Groovy Libraries: Untrusted users can modify some Pipeline libraries in Pipeline Shared     Groovy Libraries Plugin (CVE-2022-29047)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1600 advisory.

  - cri-o: Default inheritable capabilities for linux container should be empty (CVE-2022-27652)

  - credentials: Stored XSS vulnerabilities in jenkins plugin (CVE-2022-29036)

  - Jira: Stored XSS vulnerabilities in Jenkins Jira plugin (CVE-2022-29041)

  - subversion: Stored XSS vulnerabilities in Jenkins subversion plugin (CVE-2022-29046)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.303.x prior to 2.303.30.0.10, or 2.x prior to 2.332.2.6. It is, therefore, affected by multiple vulnerabilities, including the following:

  - Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a_4eb_b_e039 and earlier, except 2.21.3, allows     attackers able to submit pull requests (or equivalent), but not able to commit directly to the configured     SCM, to effectively change the Pipeline behavior by changing the definition of a dynamically retrieved     library in their pull request, even if the Pipeline is configured to not trust them. (CVE-2022-29047)

  - A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Plugin 2.15.3 and earlier allows     attackers to connect to an attacker-specified URL. (CVE-2022-29048)

  - A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over FTP Plugin 1.16 and earlier     allows attackers to connect to an FTP server using attacker-specified credentials. (CVE-2022-29050)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to its their self-reported version number, the version of Jenkins plugins running on the remote web server are Jenkins CVS Plugin prior to 2.19.1, Credentials Plugin prior to 1112., Extended Choice Parameter Plugin 346. or earlier, Gerrit Trigger Plugin prior to 2.35.3, Git Parameter Plugin prior to 0.9.16, Google Compute Engine Plugin prior to 4.3.9, Jira Plugin prior to 3.7.1, Job Generator Plugin 1.22 or earlier, Mask Passwords Plugin prior to 3.1, Node and Label parameter Plugin prior to 1.10.3.1, Pipeline: Shared Groovy Libraries Plugin prior to 566., Publish Over FTP Plugin prior to 1.17, Subversion Plugin prior to 2.15.4, promoted builds Plugin prior to 876.. They are, therefore, affected by multiple vulnerabilities:

  - Jenkins Credentials Plugin 1111.v35a_307992395 and earlier, except 1087.1089.v2f1b_9a_b_040e4,     1074.1076.v39c30cecb_0e2, and 2.6.1.1, does not escape the name and description of Credentials parameters     on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable     by attackers with Item/Configure permission. (CVE-2022-29036)

  - Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier does not escape the name and     description of Extended Choice parameters on views displaying parameters, resulting in a stored cross-site     scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. (CVE-2022-29038)

  - Jenkins Gerrit Trigger Plugin 2.35.2 and earlier does not escape the name and description of Base64     Encoded String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS)     vulnerability exploitable by attackers with Item/Configure permission. (CVE-2022-29039)

  - Jenkins Git Parameter Plugin 0.9.15 and earlier does not escape the name and description of Git parameters     on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable     by attackers with Item/Configure permission. (CVE-2022-29040)

  - Jenkins Jira Plugin 3.7 and earlier, except 3.6.1, does not escape the name and description of Jira Issue     and Jira Release Version parameters on views displaying parameters, resulting in a stored cross-site     scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. (CVE-2022-29041)

  - Jenkins Job Generator Plugin 1.22 and earlier does not escape the name and description of Generator     Parameter and Generator Choice parameters on Job Generator jobs' Build With Parameters views, resulting in     a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
    (CVE-2022-29042)

  - Jenkins Mask Passwords Plugin 3.0 and earlier does not escape the name and description of Non-Stored     Password parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS)     vulnerability exploitable by attackers with Item/Configure permission. (CVE-2022-29043)

  - Jenkins Node and Label parameter Plugin 1.10.3 and earlier does not escape the name and description of     Node and Label parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS)     vulnerability exploitable by attackers with Item/Configure permission. (CVE-2022-29044)

  - Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except 3.10.1, does not escape the name and     description of Promoted Build parameters on views displaying parameters, resulting in a stored cross-site     scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. (CVE-2022-29045)

  - Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion     tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scripting     (XSS) vulnerability exploitable by attackers with Item/Configure permission. (CVE-2022-29046)

  - Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a_4eb_b_e039 and earlier, except 2.21.3, allows     attackers able to submit pull requests (or equivalent), but not able to commit directly to the configured     SCM, to effectively change the Pipeline behavior by changing the definition of a dynamically retrieved     library in their pull request, even if the Pipeline is configured to not trust them. (CVE-2022-29047)

  - A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Plugin 2.15.3 and earlier allows     attackers to connect to an attacker-specified URL. (CVE-2022-29048)

  - Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except 3.10.1, does not validate the names     of promotions defined in Job DSL, allowing attackers with Job/Configure permission to create a promotion     with an unsafe name. (CVE-2022-29049)

  - A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over FTP Plugin 1.16 and earlier     allows attackers to connect to an FTP server using attacker-specified credentials. (CVE-2022-29050)

  - Missing permission checks in Jenkins Publish Over FTP Plugin 1.16 and earlier allow attackers with     Overall/Read permission to connect to an FTP server using attacker-specified credentials. (CVE-2022-29051)

  - Jenkins Google Compute Engine Plugin 4.3.8 and earlier stores private keys unencrypted in cloud agent     config.xml files on the Jenkins controller where they can be viewed by users with Extended Read     permission, or access to the Jenkins controller file system. (CVE-2022-29052)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
161355	RHEL 8 : OpenShift Container Platform 4.9.33 (RHSA-2022:2205)	Nessus	Red Hat Local Security Checks	5/19/2022	4/23/2024	medium
160455	RHEL 8 : OpenShift Container Platform 4.10.12 (RHSA-2022:1600)	Nessus	Red Hat Local Security Checks	5/2/2022	4/28/2024	medium
161210	Jenkins Enterprise and Operations Center 2.303.x < 2.303.30.0.10 / 2.332.2.6 Multiple Vulnerabilities (CloudBees Security Advisory 2022-04-12)	Nessus	CGI abuses	5/16/2022	6/4/2024	high
161440	Jenkins plugins Multiple Vulnerabilities (2022-04-12)	Nessus	CGI abuses	5/23/2022	10/3/2024	high

Detections

Analytics

Plugins Search

medium

medium

high

high