Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.CLOUDBEES-SECURITY-ADVISORY-2022-01-12.NASL
HistoryFeb 15, 2022 - 12:00 a.m.

Jenkins Enterprise and Operations Center < 2.277.43.0.5 / 2.319.2.5 Multiple Vulnerabilities (CloudBees Security Advisory 2022-01-12)

2022-02-1500:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
40
JSON

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.277.x prior to 2.277.43.0.5, or 2.x prior to 2.319.2.5. It is, therefore, affected by a multiple vulnerabilities, including the following:

  • Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to control the contents of a previously configured job’s SCM repository. (CVE-2022-20617)

  • A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. (CVE-2022-20619)

  • Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements functionality that allows agents to invoke command-line git at an attacker-specified path on the controller, allowing attackers able to control agent processes to invoke arbitrary OS commands on the controller. (CVE-2022-23118)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(158059);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/09/28");

  script_cve_id(
    "CVE-2022-20612",
    "CVE-2022-20613",
    "CVE-2022-20614",
    "CVE-2022-20615",
    "CVE-2022-20616",
    "CVE-2022-20617",
    "CVE-2022-20618",
    "CVE-2022-20619",
    "CVE-2022-20620",
    "CVE-2022-20621",
    "CVE-2022-23105",
    "CVE-2022-23106",
    "CVE-2022-23107",
    "CVE-2022-23108",
    "CVE-2022-23109",
    "CVE-2022-23110",
    "CVE-2022-23111",
    "CVE-2022-23112",
    "CVE-2022-23113",
    "CVE-2022-23114",
    "CVE-2022-23115",
    "CVE-2022-23116",
    "CVE-2022-23117",
    "CVE-2022-23118"
  );
  script_xref(name:"IAVA", value:"2022-A-0084-S");

  script_name(english:"Jenkins Enterprise and Operations Center < 2.277.43.0.5 / 2.319.2.5 Multiple Vulnerabilities (CloudBees Security Advisory 2022-01-12)");

  script_set_attribute(attribute:"synopsis", value:
"A job scheduling and management system hosted on the remote web server is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.277.x prior to
2.277.43.0.5, or 2.x prior to 2.319.2.5. It is, therefore, affected by a multiple vulnerabilities, including the
following:

  - Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting
    in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able
    to control the contents of a previously configured job's SCM repository. (CVE-2022-20617)

  - A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket Branch Source Plugin
    737.vdf9dc06105be and earlier allows attackers to connect to an attacker-specified URL using
    attacker-specified credentials IDs obtained through another method, capturing credentials stored in
    Jenkins. (CVE-2022-20619)

  - Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements functionality that allows agents to
    invoke command-line `git` at an attacker-specified path on the controller, allowing attackers able to
    control agent processes to invoke arbitrary OS commands on the controller. (CVE-2022-23118)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  # https://www.cloudbees.com/security-advisories/cloudbees-security-advisory-2022-01-12
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?92a04731");
  script_set_attribute(attribute:"solution", value:
"Upgrade Jenkins Enterprise or Jenkins Operations Center to version 2.277.43.0.5, 2.319.2.5, or later.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-23118");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/01/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/01/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/02/15");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:cloudbees:jenkins");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("jenkins_detect.nasl", "jenkins_win_installed.nbin", "jenkins_nix_installed.nbin", "macosx_jenkins_installed.nbin");
  script_require_keys("installed_sw/Jenkins");

  exit(0);
}

include('vcf.inc');
include('vcf_extras.inc');

var app_info = vcf::combined_get_app_info(app:'Jenkins');

var constraints = [
  { 'min_version' : '2.277',  'fixed_version' : '2.277.43.0.5', 'edition' : make_list('Enterprise', 'Operations Center') },
  { 'min_version' : '2',      'fixed_version' : '2.319.2.5',    'edition' : make_list('Enterprise', 'Operations Center'), 'rolling_train' : TRUE },
];

vcf::jenkins::check_version_and_report(
  app_info:app_info,
  constraints:constraints,
  severity:SECURITY_HOLE,
  flags:{'xss':TRUE, 'xsrf':TRUE}
);
VendorProductVersionCPE
cloudbeesjenkinscpe:/a:cloudbees:jenkins

References

Related

nessus 8
redhat 7
prion 24
osv 46
cve 24
github 24
cnvd 15
redhatcve 10
alpinelinux 5
openvas 2
veracode 2
ubuntucve 1
freebsd 1
checkpoint_advisories 1
oracle 1
nessus
nessus
Jenkins plugins Multiple Vulnerabilities (2022-01-12)
2022-01-21 00:00:00
Jenkins LTS < 2.319.2 / Jenkins weekly < 2.330 Multiple Vulnerabilities
2022-01-21 00:00:00
RHEL 8 : OpenShift Container Platform 4.9.19 (RHSA-2022:0339)
2022-02-10 00:00:00
redhat
redhat
(RHSA-2022:0555) Important: OpenShift Container Platform 3.11.634 security update
2022-02-24 14:42:51
(RHSA-2022:0565) Important: OpenShift Container Platform 4.6.55 packages and security update
2022-02-25 00:51:09
(RHSA-2022:0483) Important: OpenShift Container Platform 4.8.31 security update
2022-02-16 06:35:58
prion
prion
Default credentials
2022-01-12 20:15:00
Cross site scripting
2022-01-12 20:15:00
Code injection
2022-01-12 20:15:00
osv
osv
CVE-2022-20620
2022-01-12 20:15:09
CVE-2022-23118
2022-01-12 20:15:09
CVE-2022-23112
2022-01-12 20:15:09
cve
cve
CVE-2022-23117
2022-01-12 20:15:00
CVE-2022-23112
2022-01-12 20:15:00
CVE-2022-23109
2022-01-12 20:15:00
github
github
CSRF vulnerability and missing permission checks in Jenkins Publish Over SSH Plugin
2022-01-13 00:00:53
Path Traversal in Jenkins Warnings Next Generation Plugin
2022-01-21 23:38:05
User passwords transmitted in plain text by Jenkins Active Directory Plugin
2022-01-13 00:00:55
cnvd
cnvd
Jenkins Licensing Issue Vulnerability (CNVD-2022-08041)
2022-01-16 00:00:00
Jenkins Cross-Site Scripting Vulnerability (CNVD-2022-05039)
2022-01-16 00:00:00
Jenkins Publish Over SSH Plugin Cross-Site Request Forgery Vulnerability
2022-01-16 00:00:00
redhatcve
redhatcve
CVE-2022-20614
2022-01-24 17:40:24
CVE-2022-20613
2022-01-24 17:32:13
CVE-2022-20616
2022-01-24 18:05:58
alpinelinux
alpinelinux
CVE-2022-20614
2022-01-12 20:15:00
CVE-2022-23107
2022-01-12 20:15:00
CVE-2022-20621
2022-01-12 20:15:00
openvas
openvas
Jenkins < 2.319.2, < 2.330 CSRF Vulnerability - Linux
2022-01-14 00:00:00
Jenkins < 2.319.2, < 2.330 CSRF Vulnerability - Windows
2022-01-14 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2022-03-08 23:55:42
Cross-site Request Forgery (CSRF)
2022-01-18 19:14:05
ubuntucve
ubuntucve
CVE-2022-20612
2022-01-12 00:00:00
freebsd
freebsd
jenkins -- multiple vulnerabilities
2022-01-12 00:00:00
checkpoint_advisories
checkpoint_advisories
Jenkins Matrix Project Plugin Cross-Site Scripting (CVE-2022-20615)
2022-11-03 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2022
2022-04-19 00:00:00
JSON
Related for CLOUDBEES-SECURITY-ADVISORY-2022-01-12.NASL
nessus8redhat7prion24osv46cve24github24cnvd15redhatcve10alpinelinux5openvas2veracode2ubuntucve1freebsd1checkpoint_advisories1oracle1