Vulnerabilities > CVE-2014-2063 - Unspecified vulnerability in Jenkins

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL

Tags: network, low complexity, jenkins, nessus

Summary

Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors.

Vulnerable Configurations

Part         Description  Count
Application  Jenkins      1138

Nessus

NASL family: CGI abuses
NASL id: JENKINS_1_551.NASL
description: The remote web server hosts a version of Jenkins or Jenkins Enterprise that is affected by multiple vulnerabilities : - A flaw in the default markup formatter allows cross-site scripting via the Description field in the user configuration. (CVE-2013-5573) - A security bypass vulnerability allows remote authenticated attackers to change configurations and execute arbitrary jobs. (CVE-2013-7285, CVE-2013-7330, CVE-2014-2058) - An unspecified flaw in the Winstone servlet allows remote attackers to hijack sessions. (CVE-2014-2060) - An input control flaw in
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 72685
published: 2014-02-25
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/72685
title: Jenkins < 1.551 / 1.532.2 and Jenkins Enterprise 1.509.x / 1.532.x < 1.509.5.1 / 1.532.2.2 Multiple Vulnerabilities

Redhat

rpms
  • jenkins-0:1.565.3-1.el6op
  • jenkins-plugin-openshift-0:0.6.40.1-0.el6op
  • openshift-origin-cartridge-jenkins-0:1.20.3.5-1.el6op