
Test ID: 1.3.6.1.4.1.25623.1.0.807013
Category: Web application abuses
Title: Jenkins Multiple Vulnerabilities (Oct 2014) - Windows
Summary: This host is installed with Jenkins and is prone to multiple vulnerabilities.
Description: Summary:
This host is installed with Jenkins and is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws are due to:

- Jenkins does not properly prevent downloading of plugins.

- Insufficient sanitization of packets over the CLI channel.

- Password exposure in DOM.

- Error in job configuration permission.

- Thread exhaustion via vectors related to a CLI handshake.

Vulnerability Impact:
Successful exploitation will allow remote attackers to obtain sensitive
information, to bypass intended access restrictions and execute arbitrary code.

Affected Software/OS:
Jenkins main line 1.582 and prior, Jenkins LTS 1.565.2 and prior.

Solution:
Jenkins main line users should update to 1.583,
Jenkins LTS users should update to 1.565.3.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-reference: BugTraq ID: 77953
BugTraq ID: 77963
BugTraq ID: 88193
BugTraq ID: 77977
BugTraq ID: 77955
BugTraq ID: 77961
Common Vulnerability Exposure (CVE) ID: CVE-2014-3661
RedHat Security Advisories: RHSA-2016:0070
https://access.redhat.com/errata/RHSA-2016:0070
Common Vulnerability Exposure (CVE) ID: CVE-2014-3662
Common Vulnerability Exposure (CVE) ID: CVE-2014-3663
Common Vulnerability Exposure (CVE) ID: CVE-2014-3664
https://bugzilla.redhat.com/show_bug.cgi?id=1147765
XForce ISS Database: jenkins-cve20143664-dir-traversal(96973)
https://exchange.xforce.ibmcloud.com/vulnerabilities/96973
Common Vulnerability Exposure (CVE) ID: CVE-2014-3680
Common Vulnerability Exposure (CVE) ID: CVE-2014-3681
https://bugzilla.redhat.com/show_bug.cgi?id=1147766
XForce ISS Database: jenkins-cve20143681-xss(96975)
https://exchange.xforce.ibmcloud.com/vulnerabilities/96975
Common Vulnerability Exposure (CVE) ID: CVE-2014-3666
Common Vulnerability Exposure (CVE) ID: CVE-2014-3667
Common Vulnerability Exposure (CVE) ID: CVE-2013-2186
BugTraq ID: 63174
http://www.securityfocus.com/bid/63174
Debian Security Information: DSA-2827
http://www.debian.org/security/2013/dsa-2827
https://www.tenable.com/security/research/tra-2016-23
RedHat Security Advisories: RHSA-2013:1428
http://rhn.redhat.com/errata/RHSA-2013-1428.html
RedHat Security Advisories: RHSA-2013:1429
http://rhn.redhat.com/errata/RHSA-2013-1429.html
RedHat Security Advisories: RHSA-2013:1430
http://rhn.redhat.com/errata/RHSA-2013-1430.html
RedHat Security Advisories: RHSA-2013:1442
http://rhn.redhat.com/errata/RHSA-2013-1442.html
RedHat Security Advisories: RHSA-2013:1448
http://rhn.redhat.com/errata/RHSA-2013-1448.html
http://secunia.com/advisories/55716
SuSE Security Announcement: SUSE-SU-2013:1660
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00008.html
SuSE Security Announcement: openSUSE-SU-2013:1571
http://lists.opensuse.org/opensuse-updates/2013-10/msg00033.html
SuSE Security Announcement: openSUSE-SU-2013:1596
http://lists.opensuse.org/opensuse-updates/2013-10/msg00050.html
http://ubuntu.com/usn/usn-2029-1
XForce ISS Database: apache-commons-cve20132186-file-overrwite(88133)
https://exchange.xforce.ibmcloud.com/vulnerabilities/88133
Common Vulnerability Exposure (CVE) ID: CVE-2014-1869
BugTraq ID: 65484
http://www.securityfocus.com/bid/65484
https://github.com/zeroclipboard/zeroclipboard/commit/2f9eb9750a433965572d047e24b0fc78fd1415ca
http://secunia.com/advisories/56821
XForce ISS Database: zeroclipboard-cve20141869-xss(91085)
https://exchange.xforce.ibmcloud.com/vulnerabilities/91085
Copyright: Copyright (C) 2015 Greenbone Networks GmbH

© 1998-2024 E-Soft Inc. All rights reserved.