7.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
5.8 Medium
AI Score
Confidence
High
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.003 Low
EPSS
Percentile
67.4%
Jenkins is prone to multiple vulnerabilities.
# SPDX-FileCopyrightText: 2016 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:jenkins:jenkins";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.807330");
script_version("2023-07-21T05:05:22+0000");
script_cve_id("CVE-2016-3721", "CVE-2016-3722", "CVE-2016-3723", "CVE-2016-3724",
"CVE-2016-3725", "CVE-2016-3726", "CVE-2016-3727");
script_tag(name:"cvss_base", value:"5.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:N");
script_tag(name:"last_modification", value:"2023-07-21 05:05:22 +0000 (Fri, 21 Jul 2023)");
script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2018-01-05 02:30:00 +0000 (Fri, 05 Jan 2018)");
script_tag(name:"creation_date", value:"2016-05-20 13:47:37 +0530 (Fri, 20 May 2016)");
script_name("Jenkins Multiple Vulnerabilities (May 2016) - Linux");
script_tag(name:"summary", value:"Jenkins is prone to multiple vulnerabilities.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"Multiple flaws are due to:
- The XML/JSON API endpoints providing information about installed plugins
were missing permissions checks, allowing any user with read access to
Jenkins to determine which plugins and versions were installed.
- The users with extended read access could access encrypted secrets stored
directly in the configuration of those items.
- A missing permissions check allowed any user with access to Jenkins to trigger
an update of update site metadata. This could be combined with DNS cache
poisoning to disrupt Jenkins service.
- The Some Jenkins URLs did not properly validate the redirect URLs, which
allowed malicious users to create URLs that redirect users to arbitrary
scheme-relative URLs.
- The API URL /computer/(master)/api/xml allowed users with the 'extended read'
permission for the master node to see some global Jenkins configuration,
including the configuration of the security realm.
- By changing the freely editable 'full name', malicious users with multiple
user accounts could prevent other users from logging in, as 'full name' was
resolved before actual user name to determine which account is currently trying
to log in.
- An improper validation of build parameters in Jenkins.");
script_tag(name:"impact", value:"Successful exploitation will allow remote
attackers to obtain sensitive information, bypass the protection mechanism,
gain elevated privileges, bypass intended access restrictions and execute
arbitrary code.");
script_tag(name:"affected", value:"All Jenkins main line releases up to and including 2.2,
All Jenkins LTS releases up to and including 1.651.1.");
script_tag(name:"solution", value:"Jenkins main line users should update to 2.3,
Jenkins LTS users should update to 1.651.2.");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"remote_banner_unreliable");
script_xref(name:"URL", value:"https://jenkins.io/security/advisory/2016-05-11/");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2016 Greenbone AG");
script_family("Web application abuses");
script_dependencies("gb_jenkins_consolidation.nasl", "os_detection.nasl");
script_mandatory_keys("jenkins/detected", "Host/runs_unixoide");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if( ! port = get_app_port( cpe:CPE ) )
exit( 0 );
if( ! infos = get_app_full( cpe:CPE, port:port, exit_no_version:TRUE ) )
exit( 0 );
version = infos["version"];
location = infos["location"];
proto = infos["proto"];
if( get_kb_item( "jenkins/" + port + "/is_lts" ) ) {
if( version_is_less( version:version, test_version:"1.651.2" ) ) {
vuln = TRUE;
fix = "1.651.2";
}
} else {
if( version_is_less( version:version, test_version:"2.3" ) ) {
vuln = TRUE;
fix = "2.3";
}
}
if( vuln ) {
report = report_fixed_ver( installed_version:version, fixed_version:fix, install_path:location );
security_message( port:port, data:report, proto:proto );
exit( 0 );
}
exit( 99 );
7.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
5.8 Medium
AI Score
Confidence
High
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.003 Low
EPSS
Percentile
67.4%