Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2024 and is owned by Tenable, Inc. or an Affiliate thereof.JENKINS_1_502.NASL
HistoryMar 06, 2013 - 12:00 a.m.

Jenkins < 1.502 / 1.480.3 and Jenkins Enterprise 1.447.x / 1.466.x / 1.480.x < 1.447.7.1 / 1.466.13.1 / 1.480.3.1 Multiple Vulnerabilities

2013-03-0600:00:00
This script is Copyright (C) 2013-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
15

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.6 Medium

AI Score

Confidence

Low

0.023 Low

EPSS

Percentile

89.7%

JSON

The remote web server hosts a version of Jenkins or Jenkins Enterprise that is affected by multiple vulnerabilities :

  • An unspecified cross-site scripting vulnerability.
    (CVE-2013-0328)

  • Multiple unspecified cross-site request forgery vulnerabilities. (CVE-2013-0327, CVE-2013-0329)

  • An unspecified denial of service vulnerability.
    (CVE-2013-0331)

  • An unspecified security bypass vulnerability exists that could allow an attacker to build otherwise restricted jobs. (CVE-2013-0330)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(65056);
  script_version("1.18");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/05");

  script_cve_id(
    "CVE-2013-0327",
    "CVE-2013-0328",
    "CVE-2013-0329",
    "CVE-2013-0330",
    "CVE-2013-0331"
  );
  script_bugtraq_id(
    58454,
    58456,
    58721,
    58722,
    58726
  );

  script_name(english:"Jenkins < 1.502 / 1.480.3 and Jenkins Enterprise 1.447.x / 1.466.x / 1.480.x < 1.447.7.1 / 1.466.13.1 / 1.480.3.1 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server hosts a job scheduling / management system that
is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote web server hosts a version of Jenkins or Jenkins Enterprise
that is affected by multiple vulnerabilities :

  - An unspecified cross-site scripting vulnerability.
   (CVE-2013-0328)

  - Multiple unspecified cross-site request forgery
    vulnerabilities. (CVE-2013-0327, CVE-2013-0329)

  - An unspecified denial of service vulnerability.
    (CVE-2013-0331)

  - An unspecified security bypass vulnerability exists
    that could allow an attacker to build otherwise
    restricted jobs. (CVE-2013-0330)");
  # https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?874c7641");
  # https://www.cloudbees.com/jenkins-security-advisory-2013-02-16
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?02083a79");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Jenkins 1.502 / 1.480.3, Jenkins Enterprise 1.447.7.1 /
1.466.13.1 / 1.480.3.1 or later.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-0329");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/02/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/06");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:cloudbees:jenkins");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:jenkins:jenkins");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_set_attribute(attribute:"enable_cgi_scanning", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2013-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("jenkins_detect.nasl", "jenkins_win_installed.nbin", "jenkins_nix_installed.nbin", "macosx_jenkins_installed.nbin");
  script_require_keys("installed_sw/Jenkins");

  exit(0);
}

include('vcf.inc');
include('vcf_extras.inc');

var app_info = vcf::combined_get_app_info(app:'Jenkins');

var constraints = [
  { 'fixed_version' : '1.502',      'fixed_display' : '1.502 / 1.480.3',  'edition':'Open Source' },
  { 'fixed_version' : '1.480.3',    'fixed_display' : '1.502 / 1.480.3',  'edition':'Open Source LTS' },
  { 'min_version' : '1.447', 'fixed_version' : '1.447.7.1',   'fixed_display' : '1.447.7.1 / 1.466.13.1 / 1.480.3.1', 'edition':'Enterprise' },
  { 'min_version' : '1.466', 'fixed_version' : '1.466.13.1',  'fixed_display' : '1.447.7.1 / 1.466.13.1 / 1.480.3.1', 'edition':'Enterprise' },
  { 'min_version' : '1.480', 'fixed_version' : '1.480.3.1',   'fixed_display' : '1.447.7.1 / 1.466.13.1 / 1.480.3.1', 'edition':'Enterprise' }
];

vcf::jenkins::check_version_and_report(
  app_info:app_info,
  constraints:constraints,
  severity:SECURITY_HOLE,
  flags:{xsrf:TRUE, xss:TRUE}
);
VendorProductVersionCPE
jenkinsjenkinscpe:/a:jenkins:jenkins
cloudbeesjenkinscpe:/a:cloudbees:jenkins

Related

openvas 2
veracode 5
nessus 1
redhat 1
ubuntucve 5
cvelist 5
osv 3
nvd 6
cve 6
github 3
prion 6
openvas
openvas
Jenkins <= 1.501, <= 1.480.2 LTS Multiple Vulnerabilities - Linux
2022-08-23 00:00:00
Jenkins <= 1.501, <= 1.480.2 LTS Multiple Vulnerabilities - Windows
2022-08-23 00:00:00
veracode
veracode
Cross-Site Request Forgery (CSRF)
2019-05-02 04:44:00
Input Validation Bypass
2019-05-02 04:44:00
Cross-site Scripting (XSS)
2019-05-02 04:43:59
nessus
nessus
RHEL 6 : Red Hat OpenShift Enterprise 1.1.2 update (Moderate) (RHSA-2013:0638)
2018-12-06 00:00:00
redhat
redhat
(RHSA-2013:0638) Moderate: Red Hat OpenShift Enterprise 1.1.2 update
2013-03-12 00:00:00
ubuntucve
ubuntucve
CVE-2013-0331
2013-03-19 00:00:00
CVE-2013-0327
2013-03-19 00:00:00
CVE-2013-0328
2013-03-19 00:00:00
cvelist
cvelist
CVE-2013-0331
2013-03-19 14:00:00
CVE-2013-0327
2013-03-19 14:00:00
CVE-2013-0328
2013-03-19 14:00:00
osv
osv
Jenkins Cross-Site Request Forgery vulnerability
2022-05-05 02:48:48
Jenkins subject to Cross-site Scripting
2022-05-05 02:48:48
Jenkins Cross-Site Request Forgery vulnerability
2022-05-05 02:48:48
nvd
nvd
CVE-2013-0327
2013-03-19 14:55:02
CVE-2013-0331
2013-03-19 14:55:02
CVE-2013-0328
2013-03-19 14:55:02
cve
cve
CVE-2013-0327
2013-03-19 14:55:02
CVE-2013-0328
2013-03-19 14:55:02
CVE-2013-0331
2013-03-19 14:55:02
github
github
Jenkins Cross-Site Request Forgery vulnerability
2022-05-05 02:48:48
Jenkins subject to Cross-site Scripting
2022-05-05 02:48:48
Jenkins Cross-Site Request Forgery vulnerability
2022-05-05 02:48:48
prion
prion
Cross site scripting
2013-03-19 14:55:00
Cross site request forgery (csrf)
2013-03-19 14:55:00
Code injection
2013-03-19 14:55:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.6 Medium

AI Score

Confidence

Low

0.023 Low

EPSS

Percentile

89.7%

JSON
Related for JENKINS_1_502.NASL
openvas2veracode5nessus1redhat1ubuntucve5cvelist5osv3nvd6cve6github3prion6