CVE-2014-2060 - Unspecified vulnerability in Jenkins
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | PARTIAL |
Availability impact | NONE |
Summary
The Winstone servlet container in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack sessions via unspecified vectors.
Vulnerable Configurations
Nessus
NASL family | CGI abuses |
NASL id | JENKINS_1_551.NASL |
description | The remote web server hosts a version of Jenkins or Jenkins Enterprise that is affected by multiple vulnerabilities : - A flaw in the default markup formatter allows cross-site scripting via the Description field in the user configuration. (CVE-2013-5573) - A security bypass vulnerability allows remote authenticated attackers to change configurations and execute arbitrary jobs. (CVE-2013-7285, CVE-2013-7330, CVE-2014-2058) - An unspecified flaw in the Winstone servlet allows remote attackers to hijack sessions. (CVE-2014-2060) - An input control flaw in |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 72685 |
published | 2014-02-25 |
reporter | This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/72685 |
title | Jenkins < 1.551 / 1.532.2 and Jenkins Enterprise 1.509.x / 1.532.x < 1.509.5.1 / 1.532.2.2 Multiple Vulnerabilities |
Redhat
rpms |