ID RH:CVE-2020-2223 Type redhatcve Reporter redhat.com Modified 2022-05-25T22:56:21
Description
A flaw was found in Jenkins versions 2.244 and prior and in LTS 2.235.1 and prior. HREF attribute of links to downstream jobs are not escaped on build console pages which could lead to a stored cross-site scripting (XSS) vulnerability. The user must have the Agent/Configure permission for this exploit to function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
{"id": "RH:CVE-2020-2223", "vendorId": null, "type": "redhatcve", "bulletinFamily": "info", "title": "CVE-2020-2223", "description": "A flaw was found in Jenkins versions 2.244 and prior and in LTS 2.235.1 and prior. HREF attribute of links to downstream jobs are not escaped on build console pages which could lead to a stored cross-site scripting (XSS) vulnerability. The user must have the Agent/Configure permission for this exploit to function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n", "published": "2020-07-15T21:07:38", "modified": "2022-05-25T22:56:21", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "SINGLE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 3.5}, "severity": "LOW", "exploitabilityScore": 6.8, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 2.3, "impactScore": 2.7}, "href": "https://access.redhat.com/security/cve/cve-2020-2223", "reporter": "redhat.com", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=1857433"], "cvelist": ["CVE-2020-2223"], "immutableFields": [], "lastseen": "2022-05-25T23:23:02", "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-2223"]}, {"type": "freebsd", "idList": ["1DDAB5CB-14C9-4632-959F-802C412A9593"]}, {"type": "nessus", "idList": ["FREEBSD_PKG_1DDAB5CB14C94632959F802C412A9593.NASL", "JENKINS_SECURITY_ADVISORY_2020-07-15.NASL", "REDHAT-RHSA-2020-3519.NASL", "REDHAT-RHSA-2020-3541.NASL", "REDHAT-RHSA-2020-3808.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310112779", "OPENVAS:1361412562310112780"]}, {"type": "redhat", "idList": ["RHSA-2020:3519", "RHSA-2020:3541", "RHSA-2020:3808"]}], "rev": 4}, "score": {"value": 4.3, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2020-2223"]}, {"type": "freebsd", "idList": ["1DDAB5CB-14C9-4632-959F-802C412A9593"]}, {"type": "nessus", "idList": ["FREEBSD_PKG_1DDAB5CB14C94632959F802C412A9593.NASL", "REDHAT-RHSA-2020-3519.NASL", "REDHAT-RHSA-2020-3541.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310112779", "OPENVAS:1361412562310112780"]}, {"type": "redhat", "idList": ["RHSA-2020:3541"]}]}, "exploitation": null, "vulnersScore": 4.3}, "_state": {"dependencies": 0, "score": 0}, "_internal": {}, "vendorCvss": {"score": "8.0", "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}}
{"cve": [{"lastseen": "2022-03-23T15:11:03", "description": "Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape correctly the 'href' attribute of links to downstream jobs displayed in the build console page, resulting in a stored cross-site scripting vulnerability.", "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 5.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2020-07-15T18:15:00", "type": "cve", "title": "CVE-2020-2223", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2223"], "modified": "2020-07-21T16:29:00", "cpe": ["cpe:/a:jenkins:jenkins:2.235.1", "cpe:/a:jenkins:jenkins:2.244"], "id": "CVE-2020-2223", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-2223", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:jenkins:jenkins:2.244:*:*:*:-:*:*:*", "cpe:2.3:a:jenkins:jenkins:2.235.1:*:*:*:lts:*:*:*"]}], "openvas": [{"lastseen": "2020-07-23T15:27:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-2222", "CVE-2020-2221", "CVE-2020-2220", "CVE-2020-2223"], "description": "Jenkins is prone to multiple cross-site scripting (XSS) vulnerabilities.", "modified": "2020-07-16T00:00:00", "published": "2020-07-16T00:00:00", "id": "OPENVAS:1361412562310112780", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310112780", "type": "openvas", "title": "Jenkins < 2.245, < 2.235.2 LTS Multiple XSS Vulnerabilities (Windows)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:jenkins:jenkins\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.112780\");\n script_version(\"2020-07-16T09:31:52+0000\");\n script_tag(name:\"last_modification\", value:\"2020-07-16 09:31:52 +0000 (Thu, 16 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-16 09:25:11 +0000 (Thu, 16 Jul 2020)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_cve_id(\"CVE-2020-2220\", \"CVE-2020-2221\", \"CVE-2020-2222\", \"CVE-2020-2223\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Jenkins < 2.245, < 2.235.2 LTS Multiple XSS Vulnerabilities (Windows)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_jenkins_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"jenkins/detected\", \"Host/runs_windows\");\n\n script_tag(name:\"summary\", value:\"Jenkins is prone to multiple cross-site scripting (XSS) vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The following vulnerabilities exist:\n\n - Stored XSS vulnerability in job build time trend (CVE-2020-2220)\n\n - Stored XSS vulnerability in upstream cause (CVE-2020-2221)\n\n - Stored XSS vulnerability in 'keep forever' badge icons (CVE-2020-2222)\n\n - Stored XSS vulnerability in console links (CVE-2020-2223)\");\n\n script_tag(name:\"affected\", value:\"Jenkins version 2.244 and prior and 2.235.1 LTS and prior.\");\n\n script_tag(name:\"solution\", value:\"Update to version 2.245, 2.235.2 LTS or later.\");\n\n script_xref(name:\"URL\", value:\"https://jenkins.io/security/advisory/2020-07-15/\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!port = get_app_port(cpe: CPE))\n exit(0);\n\nif(!infos = get_app_full(cpe: CPE, port: port))\n exit(0);\n\nif(!version = infos[\"version\"])\n exit(0);\n\nlocation = infos[\"location\"];\nproto = infos[\"proto\"];\n\nif(get_kb_item(\"jenkins/\" + port + \"/is_lts\")) {\n if(version_is_less(version: version, test_version: \"2.235.2\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"2.235.2\", install_path: location);\n security_message(port: port, data: report, proto: proto);\n exit(0);\n }\n} else {\n if(version_is_less(version: version, test_version: \"2.245\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"2.245\", install_path: location);\n security_message(port: port, data: report, proto: proto);\n exit(0);\n }\n}\n\nexit(99);\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2020-07-23T15:27:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-2222", "CVE-2020-2221", "CVE-2020-2220", "CVE-2020-2223"], "description": "Jenkins is prone to multiple cross-site scripting (XSS) vulnerabilities.", "modified": "2020-07-16T00:00:00", "published": "2020-07-16T00:00:00", "id": "OPENVAS:1361412562310112779", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310112779", "type": "openvas", "title": "Jenkins < 2.245, < 2.235.2 LTS Multiple XSS Vulnerabilities (Linux)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:jenkins:jenkins\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.112779\");\n script_version(\"2020-07-16T09:31:52+0000\");\n script_tag(name:\"last_modification\", value:\"2020-07-16 09:31:52 +0000 (Thu, 16 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-16 09:25:11 +0000 (Thu, 16 Jul 2020)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_cve_id(\"CVE-2020-2220\", \"CVE-2020-2221\", \"CVE-2020-2222\", \"CVE-2020-2223\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Jenkins < 2.245, < 2.235.2 LTS Multiple XSS Vulnerabilities (Linux)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_jenkins_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"jenkins/detected\", \"Host/runs_unixoide\");\n\n script_tag(name:\"summary\", value:\"Jenkins is prone to multiple cross-site scripting (XSS) vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The following vulnerabilities exist:\n\n - Stored XSS vulnerability in job build time trend (CVE-2020-2220)\n\n - Stored XSS vulnerability in upstream cause (CVE-2020-2221)\n\n - Stored XSS vulnerability in 'keep forever' badge icons (CVE-2020-2222)\n\n - Stored XSS vulnerability in console links (CVE-2020-2223)\");\n\n script_tag(name:\"affected\", value:\"Jenkins version 2.244 and prior and 2.235.1 LTS and prior.\");\n\n script_tag(name:\"solution\", value:\"Update to version 2.245, 2.235.2 LTS or later.\");\n\n script_xref(name:\"URL\", value:\"https://jenkins.io/security/advisory/2020-07-15/\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!port = get_app_port(cpe: CPE))\n exit(0);\n\nif(!infos = get_app_full(cpe: CPE, port: port))\n exit(0);\n\nif(!version = infos[\"version\"])\n exit(0);\n\nlocation = infos[\"location\"];\nproto = infos[\"proto\"];\n\nif(get_kb_item(\"jenkins/\" + port + \"/is_lts\")) {\n if(version_is_less(version: version, test_version: \"2.235.2\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"2.235.2\", install_path: location);\n security_message(port: port, data: report, proto: proto);\n exit(0);\n }\n} else {\n if(version_is_less(version: version, test_version: \"2.245\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"2.245\", install_path: location);\n security_message(port: port, data: report, proto: proto);\n exit(0);\n }\n}\n\nexit(99);\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}], "nessus": [{"lastseen": "2021-08-19T12:13:59", "description": "Jenkins Security Advisory : Description(High) SECURITY-1868 / CVE-2020-2220 Stored XSS vulnerability in job build time trend (High) SECURITY-1901 / CVE-2020-2221 Stored XSS vulnerability in upstream cause (High) SECURITY-1902 / CVE-2020-2222 Stored XSS vulnerability in 'keep forever' badge icons (High) SECURITY-1945 / CVE-2020-2223 Stored XSS vulnerability in console links", "cvss3": {"score": 5.4, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}, "published": "2020-07-16T00:00:00", "type": "nessus", "title": "FreeBSD : jenkins -- multiple vulnerabilities (1ddab5cb-14c9-4632-959f-802c412a9593)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-2220", "CVE-2020-2221", "CVE-2020-2222", "CVE-2020-2223"], "modified": "2020-08-21T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:jenkins", "p-cpe:/a:freebsd:freebsd:jenkins-lts", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_1DDAB5CB14C94632959F802C412A9593.NASL", "href": "https://www.tenable.com/plugins/nessus/138536", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2020 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138536);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/21\");\n\n script_cve_id(\n \"CVE-2020-2220\",\n \"CVE-2020-2221\",\n \"CVE-2020-2222\",\n \"CVE-2020-2223\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0337-S\");\n\n script_name(english:\"FreeBSD : jenkins -- multiple vulnerabilities (1ddab5cb-14c9-4632-959f-802c412a9593)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Jenkins Security Advisory : Description(High) SECURITY-1868 /\nCVE-2020-2220 Stored XSS vulnerability in job build time trend (High)\nSECURITY-1901 / CVE-2020-2221 Stored XSS vulnerability in upstream\ncause (High) SECURITY-1902 / CVE-2020-2222 Stored XSS vulnerability in\n'keep forever' badge icons (High) SECURITY-1945 / CVE-2020-2223 Stored\nXSS vulnerability in console links\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.jenkins.io/security/advisory/2020-07-15/\");\n # https://vuxml.freebsd.org/freebsd/1ddab5cb-14c9-4632-959f-802c412a9593.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cadc72fa\");\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-2223\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:jenkins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:jenkins-lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/16\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"jenkins<2.245\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"jenkins-lts<2.235.2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:pkg_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2022-04-12T17:08:48", "description": "The version of Jenkins running on the remote web server is prior to 2.245 or is a version of Jenkins LTS prior to 2.235.2. It is, therefore, affected by multiple stored cross-site scripting (XSS) vulnerabilities in various components including its build time trend page, build cause page, tooltips & build console page. This is due to improper validation of user-supplied input before returning it to users. An authenticated, remote attacker can exploit this, by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user's browser session.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 5.4, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}, "published": "2020-07-24T00:00:00", "type": "nessus", "title": "Jenkins ( < 2.235.2 LTS / < 2.245 Weekly) Multiple Stored XSS (Jenkins Security Advisory 2020-07-15)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-2220", "CVE-2020-2221", "CVE-2020-2222", "CVE-2020-2223"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:cloudbees:jenkins"], "id": "JENKINS_SECURITY_ADVISORY_2020-07-15.NASL", "href": "https://www.tenable.com/plugins/nessus/138887", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138887);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2020-2220\",\n \"CVE-2020-2221\",\n \"CVE-2020-2222\",\n \"CVE-2020-2223\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0337-S\");\n\n script_name(english:\"Jenkins ( < 2.235.2 LTS / < 2.245 Weekly) Multiple Stored XSS (Jenkins Security Advisory 2020-07-15)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A job scheduling and management system hosted on the remote web server is affected by multiple stored XSS \nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Jenkins running on the remote web server is prior to 2.245 or is a version of Jenkins LTS prior to \n2.235.2. It is, therefore, affected by multiple stored cross-site scripting (XSS) vulnerabilities in various components \nincluding its build time trend page, build cause page, tooltips & build console page. This is due to improper \nvalidation of user-supplied input before returning it to users. An authenticated, remote attacker can exploit this, by \nconvincing a user to click a specially crafted URL, to execute arbitrary script code in a user's browser session.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://www.jenkins.io/security/advisory/2020-07-15/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1846d83d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade Jenkins weekly to version 2.245 or later. Upgrade Jenkins LTS to version 2.235.2 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-2220\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cloudbees:jenkins\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"jenkins_detect.nasl\", \"jenkins_win_installed.nbin\", \"jenkins_nix_installed.nbin\", \"macosx_jenkins_installed.nbin\");\n script_require_keys(\"installed_sw/Jenkins\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvar app_info = vcf::combined_get_app_info(app:'Jenkins');\n\nvar constraints = [\n { 'fixed_version' : '2.245', 'fixed_display' : '2.235.2 LTS / 2.245', 'edition' : 'Open Source' },\n { 'fixed_version' : '2.235.2', 'fixed_display' : '2.235.2 LTS / 2.245', 'edition' : 'Open Source LTS' }\n];\n\nvcf::jenkins::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_NOTE,\n flags:{'xss':TRUE}\n);\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2022-02-19T12:23:09", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3519 advisory.\n\n - jenkins: Stored XSS vulnerability in job build time trend (CVE-2020-2220)\n\n - jenkins: Stored XSS vulnerability in upstream cause (CVE-2020-2221)\n\n - jenkins: Stored XSS vulnerability in 'keep forever' badge icons (CVE-2020-2222)\n\n - jenkins: Stored XSS vulnerability in console links (CVE-2020-2223)\n\n - kubernetes: Node disk DOS by writing to container /etc/hosts (CVE-2020-8557)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 5.4, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}, "published": "2020-08-24T00:00:00", "type": "nessus", "title": "RHEL 7 : OpenShift Container Platform 4.5.7 jenkins and openshift packages (RHSA-2020:3519)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-2220", "CVE-2020-2221", "CVE-2020-2222", "CVE-2020-2223", "CVE-2020-8557"], "modified": "2021-10-12T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:jenkins", "p-cpe:/a:redhat:enterprise_linux:openshift-hyperkube"], "id": "REDHAT-RHSA-2020-3519.NASL", "href": "https://www.tenable.com/plugins/nessus/139772", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:3519. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139772);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/12\");\n\n script_cve_id(\n \"CVE-2020-2220\",\n \"CVE-2020-2221\",\n \"CVE-2020-2222\",\n \"CVE-2020-2223\",\n \"CVE-2020-8557\"\n );\n script_xref(name:\"RHSA\", value:\"2020:3519\");\n script_xref(name:\"IAVA\", value:\"2020-A-0337-S\");\n\n script_name(english:\"RHEL 7 : OpenShift Container Platform 4.5.7 jenkins and openshift packages (RHSA-2020:3519)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:3519 advisory.\n\n - jenkins: Stored XSS vulnerability in job build time trend (CVE-2020-2220)\n\n - jenkins: Stored XSS vulnerability in upstream cause (CVE-2020-2221)\n\n - jenkins: Stored XSS vulnerability in 'keep forever' badge icons (CVE-2020-2222)\n\n - jenkins: Stored XSS vulnerability in console links (CVE-2020-2223)\n\n - kubernetes: Node disk DOS by writing to container /etc/hosts (CVE-2020-8557)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/79.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/400.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2220\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2221\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2222\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2223\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8557\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:3519\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1835977\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1857425\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1857427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1857431\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1857433\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected jenkins and / or openshift-hyperkube packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-2223\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(79, 400);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jenkins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-hyperkube\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'openshift_4_5_el7': [\n 'rhel-7-for-system-z-ose-4.5-debug-rpms',\n 'rhel-7-for-system-z-ose-4.5-rpms',\n 'rhel-7-for-system-z-ose-4.5-source-rpms',\n 'rhel-7-server-ose-4.5-debug-rpms',\n 'rhel-7-server-ose-4.5-rpms',\n 'rhel-7-server-ose-4.5-source-rpms'\n ],\n 'openshift_4_5_el8': [\n 'rhocp-4.5-for-rhel-8-s390x-debug-rpms',\n 'rhocp-4.5-for-rhel-8-s390x-rpms',\n 'rhocp-4.5-for-rhel-8-s390x-source-rpms',\n 'rhocp-4.5-for-rhel-8-x86_64-debug-rpms',\n 'rhocp-4.5-for-rhel-8-x86_64-rpms',\n 'rhocp-4.5-for-rhel-8-x86_64-source-rpms'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'jenkins-2.235.2.1597312414-1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'atomic-openshift-', 'repo_list':['openshift_4_5_el7', 'openshift_4_5_el8']},\n {'reference':'openshift-hyperkube-4.5.0-202008130146.p0.git.0.aaf1d57.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'atomic-openshift-', 'repo_list':['openshift_4_5_el7']},\n {'reference':'openshift-hyperkube-4.5.0-202008130146.p0.git.0.aaf1d57.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'atomic-openshift-', 'repo_list':['openshift_4_5_el7']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'jenkins / openshift-hyperkube');\n}\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2022-03-22T20:44:44", "description": "The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:3808 advisory.\n\n - jetty: double release of resource can lead to information disclosure (CVE-2019-17638)\n\n - jenkins: Stored XSS vulnerability in job build time trend (CVE-2020-2220)\n\n - jenkins: Stored XSS vulnerability in upstream cause (CVE-2020-2221)\n\n - jenkins: Stored XSS vulnerability in 'keep forever' badge icons (CVE-2020-2222)\n\n - jenkins: Stored XSS vulnerability in console links (CVE-2020-2223)\n\n - jenkins: user-specified tooltip values leads to stored cross-site scripting (CVE-2020-2229)\n\n - jenkins: stored XSS vulnerability in project naming strategy (CVE-2020-2230)\n\n - jenkins: stored XSS vulnerability in 'trigger builds remotely' (CVE-2020-2231)\n\n - kubernetes: Node disk DOS by writing to container /etc/hosts (CVE-2020-8557)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 5.4, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}, "published": "2020-09-23T00:00:00", "type": "nessus", "title": "RHEL 7 : OpenShift Container Platform 4.3.38 jenkins and openshift (RHSA-2020:3808)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-17638", "CVE-2020-2220", "CVE-2020-2221", "CVE-2020-2222", "CVE-2020-2223", "CVE-2020-2229", "CVE-2020-2230", "CVE-2020-2231", "CVE-2020-8557"], "modified": "2021-10-12T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:jenkins"], "id": "REDHAT-RHSA-2020-3808.NASL", "href": "https://www.tenable.com/plugins/nessus/140749", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:3808. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140749);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/12\");\n\n script_cve_id(\n \"CVE-2020-2220\",\n \"CVE-2020-2221\",\n \"CVE-2020-2222\",\n \"CVE-2020-2223\",\n \"CVE-2020-8557\"\n );\n script_xref(name:\"RHSA\", value:\"2020:3808\");\n script_xref(name:\"IAVA\", value:\"2020-A-0337-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0380-S\");\n\n script_name(english:\"RHEL 7 : OpenShift Container Platform 4.3.38 jenkins and openshift (RHSA-2020:3808)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:3808 advisory.\n\n - jetty: double release of resource can lead to information disclosure (CVE-2019-17638)\n\n - jenkins: Stored XSS vulnerability in job build time trend (CVE-2020-2220)\n\n - jenkins: Stored XSS vulnerability in upstream cause (CVE-2020-2221)\n\n - jenkins: Stored XSS vulnerability in 'keep forever' badge icons (CVE-2020-2222)\n\n - jenkins: Stored XSS vulnerability in console links (CVE-2020-2223)\n\n - jenkins: user-specified tooltip values leads to stored cross-site scripting (CVE-2020-2229)\n\n - jenkins: stored XSS vulnerability in project naming strategy (CVE-2020-2230)\n\n - jenkins: stored XSS vulnerability in 'trigger builds remotely' (CVE-2020-2231)\n\n - kubernetes: Node disk DOS by writing to container /etc/hosts (CVE-2020-8557)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/79.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/200.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/400.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/672.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-17638\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2220\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2221\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2222\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2223\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2229\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2230\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2231\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8557\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:3808\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1835977\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1857425\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1857427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1857431\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1857433\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1864680\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1874830\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1875232\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1875234\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected jenkins package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-2223\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(79, 200, 400, 672);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jenkins\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'openshift_4_3_el7': [\n 'rhel-7-server-ose-4.3-debug-rpms',\n 'rhel-7-server-ose-4.3-rpms',\n 'rhel-7-server-ose-4.3-source-rpms'\n ],\n 'openshift_4_3_el8': [\n 'rhocp-4.3-for-rhel-8-s390x-debug-rpms',\n 'rhocp-4.3-for-rhel-8-s390x-rpms',\n 'rhocp-4.3-for-rhel-8-s390x-source-rpms',\n 'rhocp-4.3-for-rhel-8-x86_64-debug-rpms',\n 'rhocp-4.3-for-rhel-8-x86_64-rpms',\n 'rhocp-4.3-for-rhel-8-x86_64-source-rpms'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'jenkins-2.235.5.1600415514-1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'atomic-openshift-', 'repo_list':['openshift_4_3_el7', 'openshift_4_3_el8']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'jenkins');\n}\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2021-10-14T00:15:27", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3541 advisory.\n\n - jenkins-jira-plugin: plugin information disclosure (CVE-2019-16541)\n\n - python-rsa: decryption of ciphertext leads to DoS (CVE-2020-13757)\n\n - openshift-ansible: cors allowed origin allows changing url protocol (CVE-2020-1741)\n\n - jenkins: Stored XSS vulnerability in job build time trend (CVE-2020-2220)\n\n - jenkins: Stored XSS vulnerability in upstream cause (CVE-2020-2221)\n\n - jenkins: Stored XSS vulnerability in 'keep forever' badge icons (CVE-2020-2222)\n\n - jenkins: Stored XSS vulnerability in console links (CVE-2020-2223)\n\n - jenkins-2-plugins/matrix-project: Stored XSS vulnerability in single axis builds tooltips (CVE-2020-2224)\n\n - jenkins-2-plugins/matrix-project: Stored XSS vulnerability in multiple axis builds tooltips (CVE-2020-2225)\n\n - jenkins-2-plugins/matrix-auth: Stored XSS vulnerability in Matrix Authorization Strategy Plugin (CVE-2020-2226)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.9, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2020-08-27T00:00:00", "type": "nessus", "title": "RHEL 7 : OpenShift Container Platform 3.11 (RHSA-2020:3541)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16541", "CVE-2020-1741", "CVE-2020-2220", "CVE-2020-2221", "CVE-2020-2222", "CVE-2020-2223", "CVE-2020-2224", "CVE-2020-2225", "CVE-2020-2226", "CVE-2020-13757"], "modified": "2021-10-12T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:jenkins", "p-cpe:/a:redhat:enterprise_linux:jenkins-2-plugins", "p-cpe:/a:redhat:enterprise_linux:openshift-ansible", "p-cpe:/a:redhat:enterprise_linux:openshift-ansible-docs", "p-cpe:/a:redhat:enterprise_linux:openshift-ansible-playbooks", "p-cpe:/a:redhat:enterprise_linux:openshift-ansible-roles", "p-cpe:/a:redhat:enterprise_linux:openshift-ansible-test", "p-cpe:/a:redhat:enterprise_linux:python2-rsa"], "id": "REDHAT-RHSA-2020-3541.NASL", "href": "https://www.tenable.com/plugins/nessus/139919", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:3541. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139919);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/12\");\n\n script_cve_id(\n \"CVE-2019-16541\",\n \"CVE-2020-1741\",\n \"CVE-2020-2220\",\n \"CVE-2020-2221\",\n \"CVE-2020-2222\",\n \"CVE-2020-2223\",\n \"CVE-2020-2224\",\n \"CVE-2020-2225\",\n \"CVE-2020-2226\",\n \"CVE-2020-13757\"\n );\n script_xref(name:\"RHSA\", value:\"2020:3541\");\n script_xref(name:\"IAVA\", value:\"2020-A-0337-S\");\n\n script_name(english:\"RHEL 7 : OpenShift Container Platform 3.11 (RHSA-2020:3541)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:3541 advisory.\n\n - jenkins-jira-plugin: plugin information disclosure (CVE-2019-16541)\n\n - python-rsa: decryption of ciphertext leads to DoS (CVE-2020-13757)\n\n - openshift-ansible: cors allowed origin allows changing url protocol (CVE-2020-1741)\n\n - jenkins: Stored XSS vulnerability in job build time trend (CVE-2020-2220)\n\n - jenkins: Stored XSS vulnerability in upstream cause (CVE-2020-2221)\n\n - jenkins: Stored XSS vulnerability in 'keep forever' badge icons (CVE-2020-2222)\n\n - jenkins: Stored XSS vulnerability in console links (CVE-2020-2223)\n\n - jenkins-2-plugins/matrix-project: Stored XSS vulnerability in single axis builds tooltips (CVE-2020-2224)\n\n - jenkins-2-plugins/matrix-project: Stored XSS vulnerability in multiple axis builds tooltips\n (CVE-2020-2225)\n\n - jenkins-2-plugins/matrix-auth: Stored XSS vulnerability in Matrix Authorization Strategy Plugin\n (CVE-2020-2226)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/79.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/185.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/327.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/400.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/522.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-16541\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1741\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2220\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2221\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2222\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2223\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2224\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2225\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2226\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-13757\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:3541\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1802381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1819663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1848507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1857425\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1857427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1857431\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1857433\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1857436\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1857439\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1857441\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-16541\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(79, 185, 327, 400, 522);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jenkins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jenkins-2-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-ansible\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-ansible-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-ansible-playbooks\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-ansible-roles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-ansible-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python2-rsa\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'openshift_3_11_el7': [\n 'rhel-7-server-ose-3.11-debug-rpms',\n 'rhel-7-server-ose-3.11-rpms',\n 'rhel-7-server-ose-3.11-source-rpms'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'jenkins-2-plugins-3.11.1597310986-1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'atomic-openshift-', 'repo_list':['openshift_3_11_el7']},\n {'reference':'jenkins-2.235.2.1597220898-1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'atomic-openshift-', 'repo_list':['openshift_3_11_el7']},\n {'reference':'openshift-ansible-3.11.272-1.git.0.79ab6e9.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'atomic-openshift-', 'repo_list':['openshift_3_11_el7']},\n {'reference':'openshift-ansible-docs-3.11.272-1.git.0.79ab6e9.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'atomic-openshift-', 'repo_list':['openshift_3_11_el7']},\n {'reference':'openshift-ansible-playbooks-3.11.272-1.git.0.79ab6e9.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'atomic-openshift-', 'repo_list':['openshift_3_11_el7']},\n {'reference':'openshift-ansible-roles-3.11.272-1.git.0.79ab6e9.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'atomic-openshift-', 'repo_list':['openshift_3_11_el7']},\n {'reference':'openshift-ansible-test-3.11.272-1.git.0.79ab6e9.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'atomic-openshift-', 'repo_list':['openshift_3_11_el7']},\n {'reference':'python2-rsa-4.5-2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'atomic-openshift-', 'repo_list':['openshift_3_11_el7']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'jenkins / jenkins-2-plugins / openshift-ansible / etc');\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2022-01-19T15:51:31", "description": "\n\nJenkins Security Advisory:\n\nDescription\n(High) SECURITY-1868 / CVE-2020-2220\nStored XSS vulnerability in job build time trend\n(High) SECURITY-1901 / CVE-2020-2221\nStored XSS vulnerability in upstream cause\n(High) SECURITY-1902 / CVE-2020-2222\nStored XSS vulnerability in 'keep forever' badge icons\n(High) SECURITY-1945 / CVE-2020-2223\nStored XSS vulnerability in console links\n\n\n", "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 5.4, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.7}, "published": "2020-07-15T00:00:00", "type": "freebsd", "title": "jenkins -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2220", "CVE-2020-2221", "CVE-2020-2222", "CVE-2020-2223"], "modified": "2020-07-15T00:00:00", "id": "1DDAB5CB-14C9-4632-959F-802C412A9593", "href": "https://vuxml.freebsd.org/freebsd/1ddab5cb-14c9-4632-959f-802c412a9593.html", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}], "redhat": [{"lastseen": "2021-10-19T20:38:06", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nJenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* jenkins: Stored XSS vulnerability in job build time trend (CVE-2020-2220)\n\n* jenkins: Stored XSS vulnerability in upstream cause (CVE-2020-2221)\n\n* jenkins: Stored XSS vulnerability in 'keep forever' badge icons (CVE-2020-2222)\n\n* jenkins: Stored XSS vulnerability in console links (CVE-2020-2223)\n\n* kubernetes: Node disk DOS by writing to container /etc/hosts (CVE-2020-8557)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-08-24T14:33:15", "type": "redhat", "title": "(RHSA-2020:3519) Important: OpenShift Container Platform 4.5.7 jenkins and openshift packages security update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2220", "CVE-2020-2221", "CVE-2020-2222", "CVE-2020-2223", "CVE-2020-8557"], "modified": "2020-08-24T14:43:03", "id": "RHSA-2020:3519", "href": "https://access.redhat.com/errata/RHSA-2020:3519", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2021-10-19T20:38:58", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nJenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* jenkins: Stored XSS vulnerability in job build time trend (CVE-2020-2220)\n\n* jenkins: Stored XSS vulnerability in upstream cause (CVE-2020-2221)\n\n* jenkins: Stored XSS vulnerability in 'keep forever' badge icons (CVE-2020-2222)\n\n* jenkins: Stored XSS vulnerability in console links (CVE-2020-2223)\n\n* kubernetes: Node disk DOS by writing to container /etc/hosts (CVE-2020-8557)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "HIGH", "baseScore": 9.4, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.5}, "published": "2020-09-23T12:37:44", "type": "redhat", "title": "(RHSA-2020:3808) Important: OpenShift Container Platform 4.3.38 jenkins and openshift security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17638", "CVE-2020-2220", "CVE-2020-2221", "CVE-2020-2222", "CVE-2020-2223", "CVE-2020-2229", "CVE-2020-2230", "CVE-2020-2231", "CVE-2020-8557"], "modified": "2020-10-14T23:14:07", "id": "RHSA-2020:3808", "href": "https://access.redhat.com/errata/RHSA-2020:3808", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-19T20:37:22", "description": "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. The Matrix Project is a module which handles creating Jenkins multi-configuration projects (matrix projects). Matrix Authorization allows configuring the lowest level permissions, such as starting new builds,\nconfiguring items, or deleting them, individually.\n\nPython-RSA is a RSA implementation in Python. It can be used as a Python\nlibrary as well as the commandline utility.\n\nAnsible is a SSH-based configuration management, deployment, and task execution system. The openshift-ansible packages contain Ansible code and playbooks for installing and upgrading OpenShift Container Platform 3.\n\nSecurity Fix(es):\n\n* jenkins: Stored XSS vulnerability in job build time trend (CVE-2020-2220)\n\n* jenkins: Stored XSS vulnerability in upstream cause (CVE-2020-2221)\n\n* jenkins: Stored XSS vulnerability in 'keep forever' badge icons (CVE-2020-2222)\n\n* jenkins: Stored XSS vulnerability in console links (CVE-2020-2223)\n\n* jenkins-2-plugins/matrix-project: Stored XSS vulnerability in single axis builds tooltips (CVE-2020-2224)\n\n* jenkins-2-plugins/matrix-project: Stored XSS vulnerability in multiple axis builds tooltips (CVE-2020-2225)\n\n* jenkins-2-plugins/matrix-auth: Stored XSS vulnerability in Matrix Authorization Strategy Plugin (CVE-2020-2226)\n\n* jenkins-jira-plugin: plugin information disclosure (CVE-2019-16541)\n\n* python-rsa: decryption of ciphertext leads to DoS (CVE-2020-13757)\n\n* openshift-ansible: cors allowed origin allows changing url protocol (CVE-2020-1741)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.9, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2020-08-26T22:29:17", "type": "redhat", "title": "(RHSA-2020:3541) Important: OpenShift Container Platform 3.11 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16541", "CVE-2020-13757", "CVE-2020-1741", "CVE-2020-2220", "CVE-2020-2221", "CVE-2020-2222", "CVE-2020-2223", "CVE-2020-2224", "CVE-2020-2225", "CVE-2020-2226"], "modified": "2020-08-26T22:37:54", "id": "RHSA-2020:3541", "href": "https://access.redhat.com/errata/RHSA-2020:3541", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}]}
