
Test ID: 1.3.6.1.4.1.25623.1.0.807349
Category: Web application abuses
Title: Jenkins CSRF And XSS Vulnerabilities - Windows
Summary: Jenkins is prone to cross-site request forgery (CSRF) and cross-site scripting vulnerabilities.
Description:
Summary:
Jenkins is prone to cross-site request forgery (CSRF) and cross-site scripting vulnerabilities.

Vulnerability Insight:
Multiple flaws exist due to:

- A cross-site request forgery (CSRF) flaw in the Jenkins master, where an
anonymous attacker can trick an administrator into executing arbitrary code on
the Jenkins master by having them open a specifically crafted attack URL.

- Multiple input validation errors.

Vulnerability Impact:
Successful exploitation will allow remote attackers to execute arbitrary code on
the Jenkins master by having an administrator open a specifically crafted attack
URL, and to execute JavaScript in the browser of other users.

Affected Software/OS:
Jenkins main line prior to 1.514, Jenkins LTS prior to 1.509.1.

Solution:
Jenkins main line users should update to 1.514,
Jenkins LTS users should update to 1.509.1.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2013-2034
- 92981: http://osvdb.org/92981
- http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb
Common Vulnerability Exposure (CVE) ID: CVE-2013-2033
- 92982: http://osvdb.org/92982
- jenkins-cve20132033-xss(84004): https://exchange.xforce.ibmcloud.com/vulnerabilities/84004
Common Vulnerability Exposure (CVE) ID: CVE-2013-1808
- 20130218 XSS vulnerabilities in ZeroClipboard: http://seclists.org/fulldisclosure/2013/Feb/103
- 20130220 XSS vulnerabilities in YAML, Multiproject for Trac, UserCollections for Piwigo, TAO and TableTools for DataTables for jQuery: http://seclists.org/fulldisclosure/2013/Feb/109
- 20130301 XSS vulnerabilities in em-shorty, RepRapCalculator, Fulcrum, Django and aCMS: http://seclists.org/fulldisclosure/2013/Mar/5
- 20130409 XSS and FPD vulnerabilities in ZeroClipboard in multiple themes for WordPress: http://seclists.org/fulldisclosure/2013/Apr/88
- 20130418 XSS vulnerabilities in ZeroClipboard in multiple plugins for WordPress: http://seclists.org/fulldisclosure/2013/Apr/87
- 58257: http://www.securityfocus.com/bid/58257
- [oss-security] 20130302 Re: [Full-disclosure] XSS vulnerabilities in em-shorty, RepRapCalculator, Fulcrum, Django and aCMS - ZeroClipboard.swf: http://www.openwall.com/lists/oss-security/2013/03/03/3
- [oss-security] 20130310 WordPress plugins vulnerable to CVE-2013-1808: http://www.openwall.com/lists/oss-security/2013/03/10/2
- [oss-security] 20130324 XSS vulnerabilities in ZeroClipboard and multiple web applications: http://www.openwall.com/lists/oss-security/2013/03/25/1
- [oss-security] 20130326 Re: WordPress plugins vulnerable to CVE-2013-1808: http://www.openwall.com/lists/oss-security/2013/03/26/8
- http://securityvulns.ru/docs29103.html
- http://securityvulns.ru/docs29104.html
- http://securityvulns.ru/docs29105.html
- https://github.com/jonrohan/ZeroClipboard/blob/master/docs/releases.md#zeroclipboard-108
- https://github.com/jonrohan/ZeroClipboard/commit/a0e02933f5f7ce5f364fbad36a005f0a349f0696
Copyright: Copyright (C) 2016 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.