
Test ID: 1.3.6.1.4.1.25623.1.0.807001
Category: Web application abuses
Title: Jenkins Multiple Vulnerabilities (Nov 2015) - Windows
Summary: Jenkins is prone to multiple vulnerabilities.
Description:
Summary:
Jenkins is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws exist due to:

- An error in 'Fingerprints' pages.

- The usage of publicly accessible salt to generate CSRF protection tokens.

- The XML external entity (XXE) vulnerability in the create-job CLI command.

- An improper verification of the shared secret used in JNLP slave connections.

- An error in sidepanel widgets in the CLI command overview and help pages.

- A directory traversal vulnerability when requesting jnlpJars.

- An improper restriction on access to API tokens.

- The cross-site scripting vulnerability in the slave overview page.

- The unsafe deserialization in Jenkins remoting.

Vulnerability Impact:
Successful exploitation will allow remote attackers to obtain sensitive information, bypass the protection mechanism, gain elevated privileges, bypass intended access restrictions and execute arbitrary code.

Affected Software/OS:
All Jenkins main line releases up to and including 1.637,
all Jenkins LTS releases up to and including 1.625.1.

Solution:
Jenkins main line users should update to 1.638,
Jenkins LTS users should update to 1.625.2.

CVSS Score:
7.6

CVSS Vector:
AV:N/AC:H/Au:N/C:C/I:C/A:C

Cross-Reference: Common Vulnerability Exposure (CVE) ID: CVE-2015-5317
RedHat Security Advisories: RHSA-2016:0070
https://access.redhat.com/errata/RHSA-2016:0070
RedHat Security Advisories: RHSA-2016:0489
http://rhn.redhat.com/errata/RHSA-2016-0489.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-5318
Common Vulnerability Exposure (CVE) ID: CVE-2015-5319
Common Vulnerability Exposure (CVE) ID: CVE-2015-5320
Common Vulnerability Exposure (CVE) ID: CVE-2015-5321
Common Vulnerability Exposure (CVE) ID: CVE-2015-5322
Common Vulnerability Exposure (CVE) ID: CVE-2015-5323
Common Vulnerability Exposure (CVE) ID: CVE-2015-5324
Common Vulnerability Exposure (CVE) ID: CVE-2015-5325
Common Vulnerability Exposure (CVE) ID: CVE-2015-5326
Common Vulnerability Exposure (CVE) ID: CVE-2015-8103
BugTraq ID: 77636
http://www.securityfocus.com/bid/77636
https://www.exploit-db.com/exploits/38983/
http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/#jenkins
http://packetstormsecurity.com/files/134805/Jenkins-CLI-RMI-Java-Deserialization.html
http://www.openwall.com/lists/oss-security/2015/11/09/5
http://www.openwall.com/lists/oss-security/2015/11/18/11
http://www.openwall.com/lists/oss-security/2015/11/18/13
http://www.openwall.com/lists/oss-security/2015/11/18/2
Common Vulnerability Exposure (CVE) ID: CVE-2015-7536
Common Vulnerability Exposure (CVE) ID: CVE-2015-7537
Common Vulnerability Exposure (CVE) ID: CVE-2015-7538
Common Vulnerability Exposure (CVE) ID: CVE-2015-7539
Copyright: Copyright (C) 2015 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.