Test ID:	1.3.6.1.4.1.25623.1.0.807349
Category:	Web application abuses
Title:	Jenkins CSRF And XSS Vulnerabilities - Windows
Summary:	Jenkins is prone to cross-site request forgery (CSRF) and cross-; site scripting vulnerabilities.
Description:	Summary: Jenkins is prone to cross-site request forgery (CSRF) and cross- site scripting vulnerabilities. Vulnerability Insight: Multiple flaws exist due to: - A cross-site request forgery (CSRF) flaw in the Jenkins master, where an anonymous attacker can trick an administrator to execute arbitrary code on Jenkins master by having him open a specifically crafted attack URL. - The multiple input validation errors. Vulnerability Impact: Successful exploitation will allow remote attackers to execute arbitrary code on Jenkins master by having him open a specifically crafted attack URL and to execute JavaScript in the browser of other users. Affected Software/OS: Jenkins main line prior to 1.514, Jenkins LTS prior to 1.509.1. Solution: Jenkins main line users should update to 1.514, Jenkins LTS users should update to 1.509.1. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-2034 92981 http://osvdb.org/92981 http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb Common Vulnerability Exposure (CVE) ID: CVE-2013-2033 92982 http://osvdb.org/92982 jenkins-cve20132033-xss(84004) https://exchange.xforce.ibmcloud.com/vulnerabilities/84004 Common Vulnerability Exposure (CVE) ID: CVE-2013-1808 20130218 XSS vulnerabilities in ZeroClipboard http://seclists.org/fulldisclosure/2013/Feb/103 20130220 XSS vulnerabilities in YAML, Multiproject for Trac, UserCollections for Piwigo, TAO and TableTools for DataTables for jQuery http://seclists.org/fulldisclosure/2013/Feb/109 20130301 XSS vulnerabilities in em-shorty, RepRapCalculator, Fulcrum, Django and aCMS http://seclists.org/fulldisclosure/2013/Mar/5 20130409 XSS and FPD vulnerabilities in ZeroClipboard in multiple themes for WordPress http://seclists.org/fulldisclosure/2013/Apr/88 20130418 XSS vulnerabilities in ZeroClipboard in multiple plugins for WordPress http://seclists.org/fulldisclosure/2013/Apr/87 58257 http://www.securityfocus.com/bid/58257 [oss-security] 20130302 Re: [Full-disclosure] XSS vulnerabilities in em-shorty, RepRapCalculator, Fulcrum, Django and aCMS - ZeroClipboard.swf http://www.openwall.com/lists/oss-security/2013/03/03/3 [oss-security] 20130310 WordPress plugins vulnerable to CVE-2013-1808 http://www.openwall.com/lists/oss-security/2013/03/10/2 [oss-security] 20130324 XSS vulnerabilities in ZeroClipboard and multiple web applications http://www.openwall.com/lists/oss-security/2013/03/25/1 [oss-security] 20130326 Re: WordPress plugins vulnerable to CVE-2013-1808 http://www.openwall.com/lists/oss-security/2013/03/26/8 http://securityvulns.ru/docs29103.html http://securityvulns.ru/docs29104.html http://securityvulns.ru/docs29105.html https://github.com/jonrohan/ZeroClipboard/blob/master/docs/releases.md#zeroclipboard-108 https://github.com/jonrohan/ZeroClipboard/commit/a0e02933f5f7ce5f364fbad36a005f0a349f0696
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.