This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.JENKINS_2_274.NASLJenkins < 2.263.2 LTS / 2.275 Multiple Vulnerabilities
The version of Jenkins running on the remote web server is prior to 2.275 or is a version of Jenkins LTS prior to 2.263.2. It is, therefore, affected by multiple vulnerabilities, including the following:
-
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows users with Agent/Configure permission to choose agent names that cause Jenkins to override the global
config.xmlfile. (CVE-2021-21605) -
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe objects once discarded by an administrator. (CVE-2021-21604)
-
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not correctly match requested URLs to the list of always accessible paths, allowing attackers without Overall/Read permission to access some URLs as if they did have Overall/Read permission. (CVE-2021-21609)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(145248);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");
script_cve_id(
"CVE-2021-21602",
"CVE-2021-21603",
"CVE-2021-21604",
"CVE-2021-21605",
"CVE-2021-21606",
"CVE-2021-21607",
"CVE-2021-21608",
"CVE-2021-21609",
"CVE-2021-21610",
"CVE-2021-21611"
);
script_xref(name:"IAVA", value:"2021-A-0039-S");
script_name(english:"Jenkins < 2.263.2 LTS / 2.275 Multiple Vulnerabilities");
script_set_attribute(attribute:"synopsis", value:
"A job scheduling and management system hosted on the remote web server is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Jenkins running on the remote web server is prior to 2.275 or is a version of Jenkins LTS prior to
2.263.2. It is, therefore, affected by multiple vulnerabilities, including the following:
- Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows users with Agent/Configure permission to choose agent
names that cause Jenkins to override the global `config.xml` file. (CVE-2021-21605)
- Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure various
objects to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe
objects once discarded by an administrator. (CVE-2021-21604)
- Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not correctly match requested URLs to the list of always
accessible paths, allowing attackers without Overall/Read permission to access some URLs as if they did have
Overall/Read permission. (CVE-2021-21609)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://www.jenkins.io/security/advisory/2021-01-13/");
script_set_attribute(attribute:"solution", value:
"Upgrade Jenkins to version 2.275 or later, Jenkins LTS to version 2.263.2 or later.");
script_set_attribute(attribute:"agent", value:"all");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-21605");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/01/13");
script_set_attribute(attribute:"patch_publication_date", value:"2021/01/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/01/22");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/a:cloudbees:jenkins");
script_set_attribute(attribute:"cpe", value:"cpe:/a:jenkins:jenkins");
script_set_attribute(attribute:"stig_severity", value:"I");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("jenkins_detect.nasl", "jenkins_win_installed.nbin", "jenkins_nix_installed.nbin", "macosx_jenkins_installed.nbin");
script_require_keys("installed_sw/Jenkins");
exit(0);
}
include('vcf.inc');
include('vcf_extras.inc');
var app_info = vcf::combined_get_app_info(app:'Jenkins');
var constraints = [
{ 'fixed_version' : '2.275', 'fixed_display' : '2.263.2 LTS / 2.275', 'edition' : 'Open Source' },
{ 'fixed_version' : '2.263.2', 'fixed_display' : '2.263.2 LTS / 2.275', 'edition' : 'Open Source LTS' }
];
vcf::jenkins::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING, flags:{xss:TRUE});
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21602
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21603
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21604
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21605
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21606
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21607
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21608
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21609
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21610
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21611
www.jenkins.io/security/advisory/2021-01-13/
Related
