cnvd - cnvd-2016-00856

cnvd-2016-00856

Vulnerability from cnvd

Title: CloudBees Jenkins CI和LTS Plugins Manager任意代码执行漏洞

Description:

CloudBees Jenkins CI是一套基于Java开发的持续集成工具，它主要用于监控持续的软件版本发布/测试项目和一些定时执行的任务。LTS是CloudBees Jenkins CI的一个长期支持版本。

CloudBees Jenkins CI的Plugins Manager未能验证站点升级数据中引用的插件文件的校验和存在安全漏洞，允许攻击者可利用特制的插件实施中间人攻击，执行任意代码。

Severity: 中

Patch Name: CloudBees Jenkins CI和LTS Plugins Manager任意代码执行漏洞的补丁

Patch Description:

CloudBees Jenkins CI的Plugins Manager未能验证站点升级数据中引用的插件文件的校验和存在安全漏洞，允许攻击者可利用特制的插件实施中间人攻击，执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

用户可参考如下厂商提供的安全补丁以修复该漏洞： https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09

Reference: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09

Impacted products

Name
['CloudBees LTS <1.625.2', 'CloudBees Jenkins < 1.640']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "82734"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-7539"
    }
  },
  "description": "CloudBees Jenkins CI\u662f\u4e00\u5957\u57fa\u4e8eJava\u5f00\u53d1\u7684\u6301\u7eed\u96c6\u6210\u5de5\u5177\uff0c\u5b83\u4e3b\u8981\u7528\u4e8e\u76d1\u63a7\u6301\u7eed\u7684\u8f6f\u4ef6\u7248\u672c\u53d1\u5e03/\u6d4b\u8bd5\u9879\u76ee\u548c\u4e00\u4e9b\u5b9a\u65f6\u6267\u884c\u7684\u4efb\u52a1\u3002LTS\u662fCloudBees Jenkins CI\u7684\u4e00\u4e2a\u957f\u671f\u652f\u6301\u7248\u672c\u3002\r\n\r\nCloudBees Jenkins CI\u7684Plugins Manager\u672a\u80fd\u9a8c\u8bc1\u7ad9\u70b9\u5347\u7ea7\u6570\u636e\u4e2d\u5f15\u7528\u7684\u63d2\u4ef6\u6587\u4ef6\u7684\u6821\u9a8c\u548c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u53ef\u5229\u7528\u7279\u5236\u7684\u63d2\u4ef6\u5b9e\u65bd\u4e2d\u95f4\u4eba\u653b\u51fb\uff0c\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "82734",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-00856",
  "openTime": "2016-02-15",
  "patchDescription": "CloudBees Jenkins CI\u662f\u4e00\u5957\u57fa\u4e8eJava\u5f00\u53d1\u7684\u6301\u7eed\u96c6\u6210\u5de5\u5177\uff0c\u5b83\u4e3b\u8981\u7528\u4e8e\u76d1\u63a7\u6301\u7eed\u7684\u8f6f\u4ef6\u7248\u672c\u53d1\u5e03/\u6d4b\u8bd5\u9879\u76ee\u548c\u4e00\u4e9b\u5b9a\u65f6\u6267\u884c\u7684\u4efb\u52a1\u3002LTS\u662fCloudBees Jenkins CI\u7684\u4e00\u4e2a\u957f\u671f\u652f\u6301\u7248\u672c\u3002\r\n\r\nCloudBees Jenkins CI\u7684Plugins Manager\u672a\u80fd\u9a8c\u8bc1\u7ad9\u70b9\u5347\u7ea7\u6570\u636e\u4e2d\u5f15\u7528\u7684\u63d2\u4ef6\u6587\u4ef6\u7684\u6821\u9a8c\u548c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u53ef\u5229\u7528\u7279\u5236\u7684\u63d2\u4ef6\u5b9e\u65bd\u4e2d\u95f4\u4eba\u653b\u51fb\uff0c\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "CloudBees Jenkins CI\u548cLTS Plugins Manager\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "CloudBees LTS \u003c1.625.2",
      "CloudBees Jenkins \u003c 1.640"
    ]
  },
  "referenceLink": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09",
  "serverity": "\u4e2d",
  "submitTime": "2016-02-08",
  "title": "CloudBees Jenkins CI\u548cLTS Plugins Manager\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

CVE-2015-7539 (GCVE-0-2015-7539)

Vulnerability from cvelistv5

Published

2016-02-03 15:00

Modified

2024-08-06 07:51

Severity ?

CWE

Summary

The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted plugin.

References

▼	URL	Tags
	https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-0489.html	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2016:0070	vendor-advisory, x_refsource_REDHAT

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:51:28.450Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09"
          },
          {
            "name": "RHSA-2016:0489",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0489.html"
          },
          {
            "name": "RHSA-2016:0070",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2016:0070"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-12-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted plugin."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-06-09T16:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09"
        },
        {
          "name": "RHSA-2016:0489",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0489.html"
        },
        {
          "name": "RHSA-2016:0070",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2016:0070"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2015-7539",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted plugin."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09",
              "refsource": "CONFIRM",
              "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09"
            },
            {
              "name": "RHSA-2016:0489",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0489.html"
            },
            {
              "name": "RHSA-2016:0070",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2016:0070"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-7539",
    "datePublished": "2016-02-03T15:00:00",
    "dateReserved": "2015-09-29T00:00:00",
    "dateUpdated": "2024-08-06T07:51:28.450Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted