Test ID: 1.3.6.1.4.1.25623.1.0.807012
Category: Web application abuses
Title: Jenkins Multiple Vulnerabilities (Feb 2014) - Windows
Summary: This host is installed with Jenkins and is prone to multiple vulnerabilities.
Description:
Summary:
This host is installed with Jenkins and is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws are due to:

- Improper access restriction by 'BuildTrigger'.

- Improper session handling by 'Winstone servlet container'.

- Error in input control in PasswordParameterDefinition.

- Error in handling of API tokens.

- Error in 'loadUserByUsername' function in the
hudson/security/HudsonPrivateSecurityRealm.java script.

- Insufficient validation of user supplied input via iconSize cookie.

- Session fixation vulnerability via vectors involving the 'override' of
Jenkins cookies.

- 'doIndex' function in hudson/util/RemotingDiagnostics.java script does not
restrict accessing sensitive information via vectors related to heapDump.

- An unspecified vulnerability.

Vulnerability Impact:
Successful exploitation will allow remote
attackers to obtain sensitive information, hijack web sessions, conduct
clickjacking attacks, inject arbitrary web script or HTML, bypass the
protection mechanism, gain elevated privileges, bypass intended access
restrictions and execute arbitrary code.

Affected Software/OS:
Jenkins main line prior to 1.551, Jenkins LTS prior to 1.532.2.

Solution:
Jenkins main line users should update to 1.551,
Jenkins LTS users should update to 1.532.2.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross Reference: BugTraq ID: 65694
BugTraq ID: 65720
Common Vulnerability Exposure (CVE) ID: CVE-2014-2068
http://www.openwall.com/lists/oss-security/2014/02/21/2
Common Vulnerability Exposure (CVE) ID: CVE-2014-2066
Common Vulnerability Exposure (CVE) ID: CVE-2014-2065
Common Vulnerability Exposure (CVE) ID: CVE-2014-2064
Common Vulnerability Exposure (CVE) ID: CVE-2014-2063
Common Vulnerability Exposure (CVE) ID: CVE-2014-2062
Common Vulnerability Exposure (CVE) ID: CVE-2014-2061
Common Vulnerability Exposure (CVE) ID: CVE-2014-2060
Common Vulnerability Exposure (CVE) ID: CVE-2014-2058
Common Vulnerability Exposure (CVE) ID: CVE-2013-7285
https://x-stream.github.io/CVE-2013-7285.html
http://blog.diniscruz.com/2013/12/xstream-remote-code-execution-exploit.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369@%3Cissues.activemq.apache.org%3E
https://lists.apache.org/thread.html/6d3d34adcf3dfc48e36342aa1f18ce3c20bb8e4c458a97508d5bfed1@%3Cissues.activemq.apache.org%3E
http://seclists.org/oss-sec/2014/q1/69
https://www.mail-archive.com/user@xstream.codehaus.org/msg00604.html
https://www.mail-archive.com/user@xstream.codehaus.org/msg00607.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-5573
BugTraq ID: 64414
http://www.securityfocus.com/bid/64414
Bugtraq: 20131217 [CVE-2013-5573] Jenkins v1.523 Default markup formatter permits offsite-bound forms (Google Search)
http://seclists.org/bugtraq/2013/Dec/104
http://www.exploit-db.com/exploits/30408
http://seclists.org/fulldisclosure/2013/Dec/159
http://packetstormsecurity.com/files/124513
http://www.osvdb.org/101187
XForce ISS Database: jenkins-cve20135573-xss(89872)
https://exchange.xforce.ibmcloud.com/vulnerabilities/89872
Copyright: Copyright (C) 2015 Greenbone Networks GmbH

© 1998-2024 E-Soft Inc. All rights reserved.