
Test ID: 1.3.6.1.4.1.25623.1.0.807013
Category: Web application abuses
Title: Jenkins Multiple Vulnerabilities (Oct 2014) - Windows
Summary: Jenkins is prone to multiple vulnerabilities.
Description: Summary:
Jenkins is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws are due to:

- Jenkins does not properly prevent downloading of plugins.

- Insufficient sanitization of packets over the CLI channel.

- Password exposure in DOM.

- Error in job configuration permission.

- Thread exhaustion via vectors related to a CLI handshake.

Vulnerability Impact:
Successful exploitation will allow remote
attackers to obtain sensitive information, to bypass intended access
restrictions and execute arbitrary code.

Affected Software/OS:
Jenkins main line 1.582 and prior, Jenkins LTS 1.565.2 and prior.

Solution:
Jenkins main line users should update to 1.583,
Jenkins LTS users should update to 1.565.3.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2014-3661
RHSA-2016:0070
https://access.redhat.com/errata/RHSA-2016:0070
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
Common Vulnerability Exposure (CVE) ID: CVE-2014-3662
Common Vulnerability Exposure (CVE) ID: CVE-2014-3663
Common Vulnerability Exposure (CVE) ID: CVE-2014-3664
https://bugzilla.redhat.com/show_bug.cgi?id=1147765
jenkins-cve20143664-dir-traversal(96973)
https://exchange.xforce.ibmcloud.com/vulnerabilities/96973
Common Vulnerability Exposure (CVE) ID: CVE-2014-3680
Common Vulnerability Exposure (CVE) ID: CVE-2014-3681
https://bugzilla.redhat.com/show_bug.cgi?id=1147766
jenkins-cve20143681-xss(96975)
https://exchange.xforce.ibmcloud.com/vulnerabilities/96975
Common Vulnerability Exposure (CVE) ID: CVE-2014-3666
Common Vulnerability Exposure (CVE) ID: CVE-2014-3667
Common Vulnerability Exposure (CVE) ID: CVE-2013-2186
55716
http://secunia.com/advisories/55716
63174
http://www.securityfocus.com/bid/63174
DSA-2827
http://www.debian.org/security/2013/dsa-2827
RHSA-2013:1428
http://rhn.redhat.com/errata/RHSA-2013-1428.html
RHSA-2013:1429
http://rhn.redhat.com/errata/RHSA-2013-1429.html
RHSA-2013:1430
http://rhn.redhat.com/errata/RHSA-2013-1430.html
RHSA-2013:1442
http://rhn.redhat.com/errata/RHSA-2013-1442.html
RHSA-2013:1448
http://rhn.redhat.com/errata/RHSA-2013-1448.html
SUSE-SU-2013:1660
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00008.html
USN-2029-1
http://ubuntu.com/usn/usn-2029-1
apache-commons-cve20132186-file-overrwite(88133)
https://exchange.xforce.ibmcloud.com/vulnerabilities/88133
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
https://www.tenable.com/security/research/tra-2016-23
openSUSE-SU-2013:1571
http://lists.opensuse.org/opensuse-updates/2013-10/msg00033.html
openSUSE-SU-2013:1596
http://lists.opensuse.org/opensuse-updates/2013-10/msg00050.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-1869
BugTraq ID: 65484
http://www.securityfocus.com/bid/65484
https://github.com/zeroclipboard/zeroclipboard/commit/2f9eb9750a433965572d047e24b0fc78fd1415ca
RedHat Security Advisories: RHSA-2016:0070
http://secunia.com/advisories/56821
XForce ISS Database: zeroclipboard-cve20141869-xss(91085)
https://exchange.xforce.ibmcloud.com/vulnerabilities/91085
Copyright: Copyright (C) 2015 Greenbone AG
