ID de Prueba:	1.3.6.1.4.1.25623.1.0.807344
Categoría:	Web application abuses
Título:	Jenkins Multiple Vulnerabilities (Mar 2015) - Windows
Resumen:	Jenkins is prone to multiple vulnerabilities.
Descripción:	Summary: Jenkins is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - The part of Jenkins that issues a new API token was not adequately protected against anonymous attackers. This allows an attacker to escalate privileges on Jenkins. - A without any access to Jenkins can navigate the user to a carefully crafted URL and have the user execute unintended actions. This vulnerability can be used to attack Jenkins inside firewalls from outside so long as the location of Jenkins is known to the attacker. Vulnerability Impact: Successful exploitation will allow remote attackers to obtain sensitive information, bypass the protection mechanism, gain elevated privileges, bypass intended access restrictions and execute arbitrary code. Affected Software/OS: Jenkins main line 1.605 and prior, Jenkins LTS 1.596.1 and prior. Solution: Jenkins main line users should update to 1.606, Jenkins LTS users should update to 1.596.2. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-1812 RedHat Security Advisories: RHSA-2015:1844 http://rhn.redhat.com/errata/RHSA-2015-1844.html RedHat Security Advisories: RHSA-2016:0070 https://access.redhat.com/errata/RHSA-2016:0070 Common Vulnerability Exposure (CVE) ID: CVE-2015-1813 Common Vulnerability Exposure (CVE) ID: CVE-2015-1814
Copyright	Copyright (C) 2016 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.