Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.114139 |
Kategorie: | Web application abuses |
Titel: | Jenkins < 2.197 and < 2.176.4 LTS Multiple Vulnerabilities - Linux |
Zusammenfassung: | Jenkins is prone to multiple vulnerabilities. |
Beschreibung: | Summary: Jenkins is prone to multiple vulnerabilities. Vulnerability Insight: Jenkins is prone to the following vulnerabilities: - The f:expandableTextBox form control interpreted its content as HTML when expanded, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents, typically Job/Configure. (CVE-2019-10401) - The f:combobox form control interpreted its item labels as HTML, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents. (CVE-2019-10402) - The SCM tag name on the tooltip for SCM tag actions was not being escaped, resulting in a stored XSS vulnerability exploitable by users able to control SCM tag names for these actions. (CVE-2019-10403) - The reason why a queue item is blocked in tooltips was not being escaped, resulting in a stored XSS vulnerability exploitable by users able to control parts of the reason a queue item is blocked, such as label expressions not matching any idle executors. (CVE-2019-10404) - The value of the 'Cookie' HTTP request header on the /whoAmI/ URL was being printed, allowing attackers exploiting another XSS vulnerability to obtain the HTTP session cookie despite it being marked as HttpOnly. (CVE-2019-10405) - The values set as Jenkins URL in the global configuration were not being restricted or filtered, resulting in a stored XSS vulnerability exploitable by attackers with Overall/Administer permission. (CVE-2019-10406) Affected Software/OS: Jenkins LTS up to and including 2.176.3, Jenkins weekly up to and including 2.196. Solution: Update Jenkins weekly to version 2.197 or later / Jenkins LTS to version 2.176.4 or later. CVSS Score: 4.0 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N |
Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2019-10401 Common Vulnerability Exposure (CVE) ID: CVE-2019-10402 Common Vulnerability Exposure (CVE) ID: CVE-2019-10403 Common Vulnerability Exposure (CVE) ID: CVE-2019-10404 Common Vulnerability Exposure (CVE) ID: CVE-2019-10405 Common Vulnerability Exposure (CVE) ID: CVE-2019-10406 |
Copyright | Copyright (C) 2019 Greenbone Networks GmbH |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |