Test ID:	1.3.6.1.4.1.25623.1.0.807343
Category:	Web application abuses
Title:	Jenkins Multiple Vulnerabilities (Mar 2015) - Linux
Summary:	Jenkins is prone to multiple vulnerabilities.
Description:	Summary: Jenkins is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - The part of Jenkins that issues a new API token was not adequately protected against anonymous attackers. This allows an attacker to escalate privileges on Jenkins. - A without any access to Jenkins can navigate the user to a carefully crafted URL and have the user execute unintended actions. This vulnerability can be used to attack Jenkins inside firewalls from outside so long as the location of Jenkins is known to the attacker. Vulnerability Impact: Successful exploitation will allow remote attackers to obtain sensitive information, bypass the protection mechanism, gain elevated privileges, bypass intended access restrictions and execute arbitrary code. Affected Software/OS: Jenkins main line 1.605 and prior, Jenkins LTS 1.596.1 and prior. Solution: Jenkins main line users should update to 1.606, Jenkins LTS users should update to 1.596.2. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-1812 RedHat Security Advisories: RHSA-2015:1844 http://rhn.redhat.com/errata/RHSA-2015-1844.html RedHat Security Advisories: RHSA-2016:0070 https://access.redhat.com/errata/RHSA-2016:0070 Common Vulnerability Exposure (CVE) ID: CVE-2015-1813 Common Vulnerability Exposure (CVE) ID: CVE-2015-1814
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.