Test ID: 1.3.6.1.4.1.25623.1.0.808269
Category: Web application abuses
Title: Jenkins Multiple Vulnerabilities (Nov 2015) - Linux
Summary: This host is installed with Jenkins and is prone to multiple vulnerabilities.
Description:
Summary:
This host is installed with Jenkins and is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws exist because of:

- An information disclosure error in the 'Fingerprints' pages.

- The use of a publicly accessible salt to generate CSRF protection tokens, which
makes those tokens easier to guess.

- An XML external entity (XXE) vulnerability in the create-job CLI command.

- Improper verification of the shared secret used in JNLP slave connections.

- An information disclosure error in the sidepanel widgets of the CLI command
overview and help pages.

- A directory traversal vulnerability when requesting jnlpJars.

- Improper restriction of access to API tokens.

- A cross-site scripting vulnerability in the slave overview page.

- Unsafe deserialization of Java objects in Jenkins remoting (reachable over the
CLI port), which allows remote code execution.

Vulnerability Impact:
Successful exploitation will allow remote attackers to obtain sensitive
information, bypass protection mechanisms, gain elevated privileges, bypass
intended access restrictions and execute arbitrary code.

Affected Software/OS:
All Jenkins main line releases up to and including 1.637,
all Jenkins LTS releases up to and including 1.625.1.

Solution:
Jenkins main line users should update to 1.638,
Jenkins LTS users should update to 1.625.2.
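The two version boundaries above are what a banner check has to apply, and they differ by release line: LTS releases carry three components (1.625.1) while main-line weekly releases carry two (1.637). The following Python triage routine is an added example, not the Greenbone test and not Jenkins project code. It assumes the target reports its version in the X-Jenkins response header (which Jenkins does) and works on constructed sample responses; the hostnames and header text are made up.

```python
import re
from typing import Dict, Optional, Tuple

# Version boundaries stated in this advisory. LTS releases have three
# components (1.625.1); main-line (weekly) releases have two (1.637).
LAST_VULNERABLE_MAINLINE = (1, 637)
LAST_VULNERABLE_LTS = (1, 625, 1)
FIXED_MAINLINE = "1.638"
FIXED_LTS = "1.625.2"

# Constructed sample responses (hostnames are made up). A Jenkins instance
# reports its version in the X-Jenkins response header.
SAMPLE_RESPONSES: Dict[str, str] = {
    "ci-lts-old":  "HTTP/1.1 200 OK\r\nX-Jenkins: 1.625.1\r\nContent-Type: text/html\r\n\r\n",
    "ci-lts-new":  "HTTP/1.1 200 OK\r\nX-Jenkins: 1.625.2\r\nContent-Type: text/html\r\n\r\n",
    "ci-weekly":   "HTTP/1.1 403 Forbidden\r\nX-Jenkins: 1.637\r\nContent-Type: text/html\r\n\r\n",
    "ci-2x":       "HTTP/1.1 200 OK\r\nX-Jenkins: 2.7.1\r\nContent-Type: text/html\r\n\r\n",
    "not-jenkins": "HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: text/html\r\n\r\n",
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '1.625.1' into (1, 625, 1); reject anything that is not dotted integers."""
    if not re.fullmatch(r"\d+(?:\.\d+)+", version):
        raise ValueError(f"unrecognised Jenkins version string: {version!r}")
    return tuple(int(part) for part in version.split("."))


def version_from_headers(raw_response: str) -> Optional[str]:
    """Extract the X-Jenkins header value, or None if the response is not from Jenkins."""
    match = re.search(r"^X-Jenkins:\s*([0-9.]+)\s*$", raw_response,
                      re.MULTILINE | re.IGNORECASE)
    return match.group(1) if match else None


def assess(version: str) -> dict:
    """Decide whether a Jenkins version falls inside the affected ranges above."""
    parts = parse_version(version)
    if len(parts) == 3:    # LTS line: affected up to 1.625.1, fixed in 1.625.2
        line, vulnerable, fix = "LTS", parts <= LAST_VULNERABLE_LTS, FIXED_LTS
    elif len(parts) == 2:  # main line: affected up to 1.637, fixed in 1.638
        line, vulnerable, fix = "main line", parts <= LAST_VULNERABLE_MAINLINE, FIXED_MAINLINE
    else:
        raise ValueError(f"unexpected number of version components: {version!r}")
    return {"version": version, "line": line, "vulnerable": vulnerable,
            "update_to": fix if vulnerable else None}


def triage(responses: Dict[str, str]) -> Dict[str, dict]:
    """Run assess() over captured responses; hosts without an X-Jenkins header are skipped."""
    findings = {}
    for host, raw in responses.items():
        version = version_from_headers(raw)
        if version is None:
            continue
        findings[host] = assess(version)
    return findings


if __name__ == "__main__":
    for host, finding in triage(SAMPLE_RESPONSES).items():
        status = (f"VULNERABLE, update to {finding['update_to']}"
                  if finding["vulnerable"] else "not affected")
        print(f"{host:12} Jenkins {finding['version']:8} ({finding['line']}): {status}")
```

A banner-based result only says the release is inside the affected range; it does not show that any particular flaw is reachable. The remoting deserialization issue, for instance, needs the CLI port to be reachable from the attacker, so a positive result here is the starting point for validation, not the end of it.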

CVSS Score:
7.6

CVSS Vector:
AV:N/AC:H/Au:N/C:C/I:C/A:C

Cross-Ref: BugTraq ID: 77572
BugTraq ID: 77570
BugTraq ID: 77574
BugTraq ID: 77636
BugTraq ID: 77619
Common Vulnerability Exposure (CVE) ID: CVE-2015-5317
RedHat Security Advisories: RHSA-2016:0070
https://access.redhat.com/errata/RHSA-2016:0070
RedHat Security Advisories: RHSA-2016:0489
http://rhn.redhat.com/errata/RHSA-2016-0489.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-5318
Common Vulnerability Exposure (CVE) ID: CVE-2015-5319
Common Vulnerability Exposure (CVE) ID: CVE-2015-5320
Common Vulnerability Exposure (CVE) ID: CVE-2015-5321
Common Vulnerability Exposure (CVE) ID: CVE-2015-5322
Common Vulnerability Exposure (CVE) ID: CVE-2015-5323
Common Vulnerability Exposure (CVE) ID: CVE-2015-5324
Common Vulnerability Exposure (CVE) ID: CVE-2015-5325
Common Vulnerability Exposure (CVE) ID: CVE-2015-5326
Common Vulnerability Exposure (CVE) ID: CVE-2015-8103
http://www.securityfocus.com/bid/77636
https://www.exploit-db.com/exploits/38983/
http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/#jenkins
http://packetstormsecurity.com/files/134805/Jenkins-CLI-RMI-Java-Deserialization.html
http://www.openwall.com/lists/oss-security/2015/11/09/5
http://www.openwall.com/lists/oss-security/2015/11/18/11
http://www.openwall.com/lists/oss-security/2015/11/18/13
http://www.openwall.com/lists/oss-security/2015/11/18/2
Common Vulnerability Exposure (CVE) ID: CVE-2015-7536
Common Vulnerability Exposure (CVE) ID: CVE-2015-7537
Common Vulnerability Exposure (CVE) ID: CVE-2015-7538
Common Vulnerability Exposure (CVE) ID: CVE-2015-7539
Copyright: Copyright (C) 2016 Greenbone Networks GmbH

© 1998-2024 E-Soft Inc. All rights reserved.