Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.JENKINS_2_274.NASL
HistoryJan 22, 2021 - 12:00 a.m.

Jenkins < 2.263.2 LTS / 2.275 Multiple Vulnerabilities

2021-01-2200:00:00
This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
72

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.8%

JSON

The version of Jenkins running on the remote web server is prior to 2.275 or is a version of Jenkins LTS prior to 2.263.2. It is, therefore, affected by multiple vulnerabilities, including the following:

  • Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows users with Agent/Configure permission to choose agent names that cause Jenkins to override the global config.xml file. (CVE-2021-21605)

  • Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe objects once discarded by an administrator. (CVE-2021-21604)

  • Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not correctly match requested URLs to the list of always accessible paths, allowing attackers without Overall/Read permission to access some URLs as if they did have Overall/Read permission. (CVE-2021-21609)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(145248);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/05");

  script_cve_id(
    "CVE-2021-21602",
    "CVE-2021-21603",
    "CVE-2021-21604",
    "CVE-2021-21605",
    "CVE-2021-21606",
    "CVE-2021-21607",
    "CVE-2021-21608",
    "CVE-2021-21609",
    "CVE-2021-21610",
    "CVE-2021-21611"
  );
  script_xref(name:"IAVA", value:"2021-A-0039-S");

  script_name(english:"Jenkins < 2.263.2 LTS / 2.275 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"A job scheduling and management system hosted on the remote web server is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Jenkins running on the remote web server is prior to 2.275 or is a version of Jenkins LTS prior to
2.263.2. It is, therefore, affected by multiple vulnerabilities, including the following:

  - Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows users with Agent/Configure permission to choose agent
    names that cause Jenkins to override the global `config.xml` file. (CVE-2021-21605)

  - Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure various
    objects to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe
    objects once discarded by an administrator. (CVE-2021-21604)

  - Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not correctly match requested URLs to the list of always
    accessible paths, allowing attackers without Overall/Read permission to access some URLs as if they did have
    Overall/Read permission. (CVE-2021-21609)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://www.jenkins.io/security/advisory/2021-01-13/");
  script_set_attribute(attribute:"solution", value:
"Upgrade Jenkins to version 2.275 or later, Jenkins LTS to version 2.263.2 or later.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-21605");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/01/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/01/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/01/22");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:cloudbees:jenkins");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:jenkins:jenkins");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_set_attribute(attribute:"enable_cgi_scanning", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("jenkins_detect.nasl", "jenkins_win_installed.nbin", "jenkins_nix_installed.nbin", "macosx_jenkins_installed.nbin");
  script_require_keys("installed_sw/Jenkins");

  exit(0);
}

include('vcf.inc');
include('vcf_extras.inc');

var app_info = vcf::combined_get_app_info(app:'Jenkins');

var constraints = [
  { 'fixed_version' : '2.275',    'fixed_display' : '2.263.2 LTS / 2.275',  'edition' : 'Open Source' },
  { 'fixed_version' : '2.263.2',  'fixed_display' : '2.263.2 LTS / 2.275',  'edition' : 'Open Source LTS' }
];

vcf::jenkins::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING, flags:{xss:TRUE});
VendorProductVersionCPE
jenkinsjenkinscpe:/a:jenkins:jenkins
cloudbeesjenkinscpe:/a:cloudbees:jenkins

Related

openvas 2
nessus 5
archlinux 1
freebsd 1
redhat 4
github 11
osv 31
alpinelinux 10
cvelist 10
nvd 10
cve 10
redhatcve 10
prion 10
veracode 1
openvas
openvas
Jenkins < 2.275, < 2.263.2 Multiple Vulnerabilities - Windows
2021-01-14 00:00:00
Jenkins < 2.275, < 2.263.2 Multiple Vulnerabilities - Linux
2021-01-14 00:00:00
nessus
nessus
FreeBSD : jenkins -- multiple vulnerabilities (d6f76976-e86d-4f9a-9362-76c849b10db2)
2021-01-14 00:00:00
Jenkins Enterprise and Operations Center < 2.222.43.0.1 / 2.249.30.0.1 / 2.263.2.2 Multiple Vulnerabilities (CloudBees Security Advisory 2021-01-13)
2021-11-29 00:00:00
RHEL 7 / 8 : OpenShift Container Platform 4.5.33 (RHSA-2021:0429)
2021-03-03 00:00:00
archlinux
archlinux
[ASA-202101-41] jenkins: multiple issues
2021-01-20 00:00:00
freebsd
freebsd
jenkins -- multiple vulnerabilities
2021-01-13 00:00:00
redhat
redhat
(RHSA-2021:0423) Important: OpenShift Container Platform 4.6.17 security and packages update
2021-02-17 18:52:18
(RHSA-2021:0429) Important: OpenShift Container Platform 4.5.33 packages and security update
2021-03-03 03:59:11
(RHSA-2021:0637) Important: OpenShift Container Platform 3.11.394 bug fix and security update
2021-03-03 12:05:11
github
github
Arbitrary file existence check in file fingerprints in Jenkins
2022-05-24 17:39:12
Reflected XSS vulnerability in Jenkins markup formatter preview
2022-05-24 17:39:13
Missing permission check for paths with specific prefix in Jenkins
2022-05-24 17:39:12
osv
osv
Missing permission check for paths with specific prefix in Jenkins
2022-05-24 17:39:12
CVE-2021-21609
2021-01-13 16:15:13
BIT-jenkins-2021-21602
2024-03-06 11:04:04
alpinelinux
alpinelinux
CVE-2021-21602
2021-01-13 16:15:13
CVE-2021-21603
2021-01-13 16:15:13
CVE-2021-21609
2021-01-13 16:15:13
cvelist
cvelist
CVE-2021-21602
2021-01-13 15:55:27
CVE-2021-21607
2021-01-13 15:55:30
CVE-2021-21603
2021-01-13 15:55:27
nvd
nvd
CVE-2021-21610
2021-01-13 16:15:14
CVE-2021-21602
2021-01-13 16:15:13
CVE-2021-21609
2021-01-13 16:15:13
cve
cve
CVE-2021-21610
2021-01-13 16:15:14
CVE-2021-21603
2021-01-13 16:15:13
CVE-2021-21609
2021-01-13 16:15:13
redhatcve
redhatcve
CVE-2021-21603
2021-02-04 14:55:57
CVE-2021-21609
2021-02-04 13:52:24
CVE-2021-21605
2021-02-04 13:52:17
prion
prion
Cross site scripting
2021-01-13 16:15:00
Code injection
2021-01-13 16:15:00
Design/Logic Flaw
2021-01-13 16:15:00
veracode
veracode
Privilege Escalation
2021-01-14 16:24:39

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.8%

JSON
Related for JENKINS_2_274.NASL
openvas2nessus5archlinux1freebsd1redhat4github11osv31alpinelinux10cvelist10nvd10cve10redhatcve10prion10veracode1