|Category:||Web application abuses|
|Title:||Jenkins < 2.154 and < 2.138.4 LTS Multiple Vulnerabilities (Windows)|
|Summary:||This host is installed with Jenkins and is prone to multiple vulnerabilities.|
This host is installed with Jenkins and is prone to multiple vulnerabilities.
Jenkins is prone to the following vulnerabilities:
- Code execution through crafted URLs (CVE-2018-1000861).
- Forced migration of user records (CVE-2018-1000863).
- Workspace browser allowed accessing files outside the workspace (CVE-2018-1000862).
- Potential denial of service through cron expression form validation (CVE-2018-1000864).
Jenkins LTS up to and including 2.138.3, Jenkins weekly up to and including 2.153.
Upgrade to Jenkins weekly to 2.154 or later / Jenkins LTS to either 2.138.4 or 2.150.1
Common Vulnerability Exposure (CVE) ID: CVE-2018-1000861|
Common Vulnerability Exposure (CVE) ID: CVE-2018-1000862
Common Vulnerability Exposure (CVE) ID: CVE-2018-1000863
Common Vulnerability Exposure (CVE) ID: CVE-2018-1000864
|Copyright||Copyright (C) 2018 Greenbone Networks GmbH|
|This is only one of 73533 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.