jenkins -- multiple vulnerabilities

2016-02-24T00:00:00
ID 7E01DF39-DB7E-11E5-B937-00E0814CAB4E
Type freebsd
Reporter FreeBSD
Modified 2016-02-24T00:00:00

Description

Jenkins Security Advisory:

Description SECURITY-232 / CVE-2016-0788(Remote code execution vulnerability in remoting module) A vulnerability in the Jenkins remoting module allowed unauthenticated remote attackers to open a JRMP listener on the server hosting the Jenkins master process, which allowed arbitrary code execution. SECURITY-238 / CVE-2016-0789(HTTP response splitting vulnerability) An HTTP response splitting vulnerability in the CLI command documentation allowed attackers to craft Jenkins URLs that serve malicious content. SECURITY-241 / CVE-2016-0790(Non-constant time comparison of API token) The verification of user-provided API tokens with the expected value did not use a constant-time comparison algorithm, potentially allowing attackers to use statistical methods to determine valid API tokens using brute-force methods. SECURITY-245 / CVE-2016-0791(Non-constant time comparison of CSRF crumbs) The verification of user-provided CSRF crumbs with the expected value did not use a constant-time comparison algorithm, potentially allowing attackers to use statistical methods to determine valid CSRF crumbs using brute-force methods. SECURITY-247 / CVE-2016-0792(Remote code execution through remote API) Jenkins has several API endpoints that allow low-privilege users to POST XML files that then get deserialized by Jenkins. Maliciously crafted XML files sent to these API endpoints could result in arbitrary code execution.