Test ID:	1.3.6.1.4.1.25623.1.0.807342
Category:	Web application abuses
Title:	Jenkins Multiple Vulnerabilities (Feb 2015) - Windows
Summary:	Jenkins is prone to multiple vulnerabilities.
Description:	Summary: Jenkins is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - The job configuration privilege to escalate his privileges, resulting in arbitrary code execution to the master. - The build script to access arbitrary files/directories on the master, resulting in the exposure of sensitive information, such as encryption keys. - The operation of Jenkins by feeding malicious update center data into Jenkins, affecting plugin installation and tool installation. - The read access to Jenkins to retrieve arbitrary XML document on the server, resulting in the exposure of sensitive information inside/outside Jenkins. Vulnerability Impact: Successful exploitation will allow remote attackers to obtain sensitive information, bypass the protection mechanism, gain elevated privileges, bypass intended access restrictions and execute arbitrary code. Affected Software/OS: Jenkins main line prior to 1.600, Jenkins LTS 1.580.3 and prior. Solution: Main line users should upgrade to Jenkins 1.600, LTS users should upgrade to 1.596.1. CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-1806 RedHat Security Advisories: RHSA-2015:1844 http://rhn.redhat.com/errata/RHSA-2015-1844.html RedHat Security Advisories: RHSA-2016:0070 https://access.redhat.com/errata/RHSA-2016:0070 Common Vulnerability Exposure (CVE) ID: CVE-2015-1807 Common Vulnerability Exposure (CVE) ID: CVE-2015-1808 Common Vulnerability Exposure (CVE) ID: CVE-2015-18010
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.