Web application abuses : Jenkins Multiple Vulnerabilities (Feb 2015)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.807341

Categoría: Web application abuses

Título: Jenkins Multiple Vulnerabilities (Feb 2015) - Linux

Resumen: Jenkins is prone to multiple vulnerabilities.

Descripción: Summary:
Jenkins is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws are due to:

- The job configuration privilege to escalate his privileges, resulting in
arbitrary code execution to the master.

- The build script to access arbitrary files/directories on the master, resulting
in the exposure of sensitive information, such as encryption keys.

- The operation of Jenkins by feeding malicious update center data into Jenkins,
affecting plugin installation and tool installation.

- The read access to Jenkins to retrieve arbitrary XML document on the server,
resulting in the exposure of sensitive information inside/outside Jenkins.

Vulnerability Impact:
Successful exploitation will allow remote
attackers to obtain sensitive information, bypass the protection mechanism,
gain elevated privileges, bypass intended access restrictions and execute arbitrary code.

Affected Software/OS:
Jenkins main line prior to 1.600, Jenkins LTS 1.580.3 and prior.

Solution:
Main line users should upgrade to Jenkins 1.600,
LTS users should upgrade to 1.596.1.

CVSS Score:
6.5

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-1806
RedHat Security Advisories: RHSA-2015:1844
http://rhn.redhat.com/errata/RHSA-2015-1844.html
RedHat Security Advisories: RHSA-2016:0070
https://access.redhat.com/errata/RHSA-2016:0070
Common Vulnerability Exposure (CVE) ID: CVE-2015-1807
Common Vulnerability Exposure (CVE) ID: CVE-2015-1808
Common Vulnerability Exposure (CVE) ID: CVE-2015-18010

Copyright Copyright (C) 2016 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.807341
Categoría:	Web application abuses
Título:	Jenkins Multiple Vulnerabilities (Feb 2015) - Linux
Resumen:	Jenkins is prone to multiple vulnerabilities.
Descripción:	Summary: Jenkins is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - The job configuration privilege to escalate his privileges, resulting in arbitrary code execution to the master. - The build script to access arbitrary files/directories on the master, resulting in the exposure of sensitive information, such as encryption keys. - The operation of Jenkins by feeding malicious update center data into Jenkins, affecting plugin installation and tool installation. - The read access to Jenkins to retrieve arbitrary XML document on the server, resulting in the exposure of sensitive information inside/outside Jenkins. Vulnerability Impact: Successful exploitation will allow remote attackers to obtain sensitive information, bypass the protection mechanism, gain elevated privileges, bypass intended access restrictions and execute arbitrary code. Affected Software/OS: Jenkins main line prior to 1.600, Jenkins LTS 1.580.3 and prior. Solution: Main line users should upgrade to Jenkins 1.600, LTS users should upgrade to 1.596.1. CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-1806 RedHat Security Advisories: RHSA-2015:1844 http://rhn.redhat.com/errata/RHSA-2015-1844.html RedHat Security Advisories: RHSA-2016:0070 https://access.redhat.com/errata/RHSA-2016:0070 Common Vulnerability Exposure (CVE) ID: CVE-2015-1807 Common Vulnerability Exposure (CVE) ID: CVE-2015-1808 Common Vulnerability Exposure (CVE) ID: CVE-2015-18010
Copyright	Copyright (C) 2016 Greenbone AG