ID UB:CVE-2017-1000395 Type ubuntucve Reporter ubuntu.com Modified 2018-01-26T00:00:00
Description
Jenkins LTS 2.73.1 and earlier, and Jenkins weekly 2.83 and earlier, expose
information about Jenkins user accounts to anyone with Overall/Read
permission via the /user/(username)/api remote API. This included, for
example, Jenkins users' email addresses if the Mailer Plugin is installed.
In the fixed releases (Jenkins weekly 2.84 and Jenkins LTS 2.73.2, per the
scanner entries in the record below), the remote API no longer includes
information beyond the most basic (user ID and name) unless the user
requesting it is a Jenkins administrator.
{"id": "UB:CVE-2017-1000395", "vendorId": null, "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2017-1000395", "description": "Jenkins 2.73.1 and earlier, 2.83 and earlier provides information about\nJenkins user accounts which is generally available to anyone with\nOverall/Read permissions via the /user/(username)/api remote API. This\nincluded e.g. Jenkins users' email addresses if the Mailer Plugin is\ninstalled. The remote API now no longer includes information beyond the\nmost basic (user ID and name) unless the user requesting it is a Jenkins\nadministrator.", "published": "2018-01-26T00:00:00", "modified": "2018-01-26T00:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://ubuntu.com/security/CVE-2017-1000395", "reporter": "ubuntu.com", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000395", "http://www.openwall.com/lists/oss-security/2017/11/18", "https://nvd.nist.gov/vuln/detail/CVE-2017-1000395", "https://launchpad.net/bugs/cve/CVE-2017-1000395", 
"https://security-tracker.debian.org/tracker/CVE-2017-1000395"], "cvelist": ["CVE-2017-1000395"], "immutableFields": [], "lastseen": "2021-11-22T21:37:40", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "checkpoint_advisories", "idList": ["CPAI-2017-1168"]}, {"type": "cve", "idList": ["CVE-2017-1000395"]}, {"type": "nessus", "idList": ["JENKINS_SECURITY_ADVISORY_2017-10-11.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310112106", "OPENVAS:1361412562310112107"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-1000395"]}], "rev": 4}, "score": {"value": 5.3, "vector": "NONE"}, "backreferences": {"references": [{"type": "checkpoint_advisories", "idList": ["CPAI-2017-1168"]}, {"type": "cve", "idList": ["CVE-2017-1000395"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-1000395"]}]}, "exploitation": null, "vulnersScore": 5.3}, "affectedPackage": [{"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needs triage", "packageName": "jenkins"}], "bugs": [], "_state": {"dependencies": 1646059184}}
{"redhatcve": [{"lastseen": "2021-09-02T22:47:20", "description": "Jenkins 2.73.1 and earlier, 2.83 and earlier provides information about Jenkins user accounts which is generally available to anyone with Overall/Read permissions via the /user/(username)/api remote API. This included e.g. Jenkins users' email addresses if the Mailer Plugin is installed. The remote API now no longer includes information beyond the most basic (user ID and name) unless the user requesting it is a Jenkins administrator.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 1.4}, "published": "2017-11-21T11:20:24", "type": "redhatcve", "title": "CVE-2017-1000395", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000395"], "modified": "2020-04-08T20:41:17", "id": "RH:CVE-2017-1000395", "href": "https://access.redhat.com/security/cve/cve-2017-1000395", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}], "checkpoint_advisories": [{"lastseen": "2021-12-17T11:09:12", "description": "An information disclosure vulnerability exists in Jenkins Remote API. 
Successful exploitation of this vulnerability could allow a remote attacker to gain information about Jenkins user accounts.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 1.4}, "published": "2021-03-30T00:00:00", "type": "checkpoint_advisories", "title": "Jenkins Remote API Information Disclosure (CVE-2017-1000395)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000395"], "modified": "2021-03-30T00:00:00", "id": "CPAI-2017-1168", "href": "", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}], "cve": [{"lastseen": "2022-03-23T12:10:19", "description": "Jenkins 2.73.1 and earlier, 2.83 and earlier provides information about Jenkins user accounts which is generally available to anyone with Overall/Read permissions via the /user/(username)/api remote API. This included e.g. Jenkins users' email addresses if the Mailer Plugin is installed. 
The remote API now no longer includes information beyond the most basic (user ID and name) unless the user requesting it is a Jenkins administrator.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2018-01-26T02:29:00", "type": "cve", "title": "CVE-2017-1000395", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000395"], "modified": "2019-05-08T22:24:00", "cpe": ["cpe:/a:jenkins:jenkins:2.73.1", "cpe:/a:jenkins:jenkins:2.83"], "id": "CVE-2017-1000395", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000395", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:jenkins:jenkins:2.83:*:*:*:-:*:*:*", "cpe:2.3:a:jenkins:jenkins:2.73.1:*:*:*:lts:*:*:*"]}], "nessus": [{"lastseen": "2022-04-12T15:58:31", "description": "The remote web server hosts a version of Jenkins that is prior to 2.84, or a version of Jenkins LTS prior to 2.73.2. It is, therefore, affected by the following vulnerabilities :\n - A remote command execution vulnerability exists in the launch method component due to insufficient default permissions being set. 
An authenticated, remote attacker can exploit this to execute arbitrary commands (CVE-2017-1000393).\n\n - A denial of service (DoS) vulnerability exists in the commons-fileupload library bundled with Jenkins. An unauthenticated, remote attacker can exploit this issue, by supplying a long boundary string, to cause the application to stop responding. (CVE-2017-1000394).\n\n - An information disclosure vulnerability exists in the remote API component. An authenticated, remote attacker can exploit this, by requesting data from unsecured API endpoints, to disclose potentially sensitive information about users on the system (CVE-2017-1000395).", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-06-05T00:00:00", "type": "nessus", "title": "Jenkins < 2.84 / < 2.73.2 (LTS) Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000393", "CVE-2017-1000394", "CVE-2017-1000395", "CVE-2017-1000396", "CVE-2017-1000398", "CVE-2017-1000399", "CVE-2017-1000400", "CVE-2017-1000401"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:cloudbees:jenkins"], "id": "JENKINS_SECURITY_ADVISORY_2017-10-11.NASL", "href": "https://www.tenable.com/plugins/nessus/125706", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125706);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2017-1000393\",\n \"CVE-2017-1000394\",\n \"CVE-2017-1000395\",\n \"CVE-2017-1000396\",\n \"CVE-2017-1000398\",\n \"CVE-2017-1000399\",\n \"CVE-2017-1000400\",\n \"CVE-2017-1000401\"\n );\n script_bugtraq_id(\n 104303,\n 104304,\n 104305,\n 104306,\n 104951\n );\n\n script_name(english:\"Jenkins < 2.84 / < 2.73.2 (LTS) Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The 
remote web server hosts a job scheduling and management system that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote web server hosts a version of Jenkins that is prior to 2.84, or a version of Jenkins LTS prior to 2.73.2. \nIt is, therefore, affected by the following vulnerabilities :\n \n - A remote command execution vulnerability exists in the launch method component due to insufficient default permissions \n being set. An authenticated, remote attacker can exploit this to execute arbitrary commands (CVE-2017-1000393).\n\n - A denial of service (DoS) vulnerability exists in the commons-fileupload library bundled with Jenkins. An \n unauthenticated, remote attacker can exploit this issue, by supplying a long boundary string, to cause the \n application to stop responding. (CVE-2017-1000394).\n\n - An information disclosure vulnerability exists in the remote API component. An authenticated, remote attacker can \n exploit this, by requesting data from unsecured API endpoints, to disclose potentially sensitive information about \n users on the system (CVE-2017-1000395).\");\n script_set_attribute(attribute:\"see_also\", value:\"https://jenkins.io/security/advisory/2017-10-11/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://jenkins.io/changelog/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://jenkins.io/changelog-stable/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade Jenkins to version 2.84 or later. 
For Jenkins LTS, upgrade \n to version 2.73.2 or later\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-1000393\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cloudbees:jenkins\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"jenkins_detect.nasl\", \"jenkins_win_installed.nbin\", \"jenkins_nix_installed.nbin\", \"macosx_jenkins_installed.nbin\");\n script_require_keys(\"installed_sw/Jenkins\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvar app_info = vcf::combined_get_app_info(app:'Jenkins');\n\nvar constraints = [\n {'edition':'Open Source', 'fixed_version':'2.84'},\n {'edition':'Open Source LTS', 'fixed_version':'2.73.2'}\n];\n\nvcf::jenkins::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 9, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-10-18T15:19:02", "description": "This host is installed with Jenkins and is prone to\n multiple vulnerabilities.", "cvss3": {}, "published": "2017-11-07T00:00:00", "type": "openvas", "title": "Jenkins Multiple Vulnerabilities - Oct17 (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000398", "CVE-2012-6153", "CVE-2017-1000401", "CVE-2017-1000399", "CVE-2017-1000393", "CVE-2017-1000394", "CVE-2017-1000395", "CVE-2017-1000400", "CVE-2017-1000396"], "modified": "2019-10-17T00:00:00", "id": "OPENVAS:1361412562310112106", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310112106", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Jenkins Multiple Vulnerabilities - Oct17 (Linux)\n#\n# Authors:\n# Adrian Steins <adrian.steins@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or 
FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:jenkins:jenkins\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.112106\");\n script_version(\"2019-10-17T11:27:19+0000\");\n\n script_cve_id(\"CVE-2017-1000393\", \"CVE-2017-1000394\", \"CVE-2017-1000395\", \"CVE-2017-1000396\", \"CVE-2017-1000398\",\n \"CVE-2017-1000399\", \"CVE-2017-1000400\", \"CVE-2017-1000401\", \"CVE-2012-6153\");\n\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-17 11:27:19 +0000 (Thu, 17 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-11-07 10:05:00 +0100 (Tue, 07 Nov 2017)\");\n\n script_name(\"Jenkins Multiple Vulnerabilities - Oct17 (Linux)\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_jenkins_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"jenkins/detected\", \"Host/runs_unixoide\");\n\n script_xref(name:\"URL\", value:\"https://jenkins.io/security/advisory/2017-10-11/\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Jenkins and is prone to\n multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - arbitrary shell command execution\n\n - bundling vulnerable libraries\n\n - disclosing various information\n\n - sending form validation for passwords 
via GET\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to obtain sensitive information,\n and execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"Jenkins LTS 2.73.1 and prior, Jenkins weekly up to and including 2.83.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Jenkins weekly to 2.84 or later / Jenkins LTS to 2.73.2 or\n later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) )\n exit(0);\n\nif( ! infos = get_app_full( cpe:CPE, port:port ) )\n exit(0);\n\nif( ! version = infos[\"version\"])\n exit(0);\n\nlocation = infos[\"location\"];\nproto = infos[\"proto\"];\n\nif( get_kb_item( \"jenkins/\" + port + \"/is_lts\" ) ) {\n if( version_is_less( version:version, test_version:\"2.73.2\" ) ) {\n vuln = TRUE;\n fix = \"2.73.2\";\n }\n} else {\n if( version_is_less( version:version, test_version:\"2.84\" ) ) {\n vuln = TRUE;\n fix = \"2.84\";\n }\n}\n\nif( vuln ) {\n report = report_fixed_ver( installed_version:version, fixed_version:fix, install_path:location );\n security_message( port:port, data:report, proto:proto );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-10-18T15:17:37", "description": "This host is installed with Jenkins and is prone to\n multiple vulnerabilities.", "cvss3": {}, "published": "2017-11-07T00:00:00", "type": "openvas", "title": "Jenkins Multiple Vulnerabilities - Oct17 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000398", "CVE-2012-6153", "CVE-2017-1000401", "CVE-2017-1000399", "CVE-2017-1000393", "CVE-2017-1000394", "CVE-2017-1000395", "CVE-2017-1000400", "CVE-2017-1000396"], "modified": "2019-10-17T00:00:00", "id": "OPENVAS:1361412562310112107", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310112107", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Jenkins Multiple Vulnerabilities - Oct17 (Windows)\n#\n# Authors:\n# Adrian Steins <adrian.steins@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:jenkins:jenkins\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.112107\");\n script_version(\"2019-10-17T11:27:19+0000\");\n\n script_cve_id(\"CVE-2017-1000393\", \"CVE-2017-1000394\", \"CVE-2017-1000395\", \"CVE-2017-1000396\", \"CVE-2017-1000398\",\n \"CVE-2017-1000399\", \"CVE-2017-1000400\", \"CVE-2017-1000401\", \"CVE-2012-6153\");\n\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-17 11:27:19 +0000 (Thu, 17 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-11-07 10:05:00 +0100 (Tue, 07 Nov 2017)\");\n\n script_name(\"Jenkins Multiple Vulnerabilities - Oct17 (Windows)\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n 
script_family(\"Web application abuses\");\n script_dependencies(\"gb_jenkins_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"jenkins/detected\", \"Host/runs_windows\");\n\n script_xref(name:\"URL\", value:\"https://jenkins.io/security/advisory/2017-10-11/\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Jenkins and is prone to\n multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to:\n\n - arbitrary shell command execution\n\n - bundling vulnerable libraries\n\n - disclosing various information\n\n - sending form validation for passwords via GET\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to obtain sensitive information,\n and execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"Jenkins LTS 2.73.1 and prior, Jenkins weekly up to and including 2.83.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Jenkins weekly to 2.84 or later / Jenkins LTS to 2.73.2 or\n later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) )\n exit(0);\n\nif( ! infos = get_app_full( cpe:CPE, port:port ) )\n exit(0);\n\nif( ! 
version = infos[\"version\"])\n exit(0);\n\nlocation = infos[\"location\"];\nproto = infos[\"proto\"];\n\nif( get_kb_item( \"jenkins/\" + port + \"/is_lts\" ) ) {\n if( version_is_less( version:version, test_version:\"2.73.2\" ) ) {\n vuln = TRUE;\n fix = \"2.73.2\";\n }\n} else {\n if( version_is_less( version:version, test_version:\"2.84\" ) ) {\n vuln = TRUE;\n fix = \"2.84\";\n }\n}\n\nif( vuln ) {\n report = report_fixed_ver( installed_version:version, fixed_version:fix, install_path:location );\n security_message( port:port, data:report, proto:proto );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}]}