|Category:||Web application abuses|
|Title:||Jenkins < 2.146 and < 2.138.2 LTS Multiple Vulnerabilities (Windows)|
|Summary:||This host is installed with Jenkins and is prone to multiple vulnerabilities.|
Jenkins is prone to the following vulnerabilities:
- Path traversal vulnerability in Stapler allowed accessing internal data.
- Arbitrary file write vulnerability using file parameter definitions.
- Reflected XSS vulnerability.
- Ephemeral user record was created on some invalid authentication attempts (CVE-2018-1999043).
- Ephemeral user record creation.
- Session fixation vulnerability on user signup.
- Failures to process form submission data could result in secrets being displayed or written to logs.
Jenkins LTS up to and including 2.138.1, Jenkins weekly up to and including 2.145.
Upgrade to Jenkins weekly to 2.146 or later / Jenkins LTS to 2.138.2 or
Common Vulnerability Exposure (CVE) ID: CVE-2018-1999043
|Copyright||Copyright (C) 2018 Greenbone Networks GmbH|