CVE-2017-2608

Опубликовано: 15 мая 2018

Источник: debian

EPSS Низкий

Описание

Jenkins before versions 2.44, 2.32.2 is vulnerable to a remote code execution vulnerability involving the deserialization of various types in javax.imageio in XStream-based APIs (SECURITY-383).

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
jenkins	removed			package

Примечания

https://jenkins.io/security/advisory/2017-02-01/

EPSS

Процентиль: 86%

0.02976

Низкий

Связанные уязвимости

CVE-2017-2608

CVSS3: 8.8

ubuntu

больше 7 лет назад

Jenkins before versions 2.44, 2.32.2 is vulnerable to a remote code execution vulnerability involving the deserialization of various types in javax.imageio in XStream-based APIs (SECURITY-383).

CVE-2017-2608

CVSS3: 8.8

redhat

около 9 лет назад

Jenkins before versions 2.44, 2.32.2 is vulnerable to a remote code execution vulnerability involving the deserialization of various types in javax.imageio in XStream-based APIs (SECURITY-383).

CVE-2017-2608

CVSS3: 8.8

nvd

больше 7 лет назад

Jenkins before versions 2.44, 2.32.2 is vulnerable to a remote code execution vulnerability involving the deserialization of various types in javax.imageio in XStream-based APIs (SECURITY-383).

GHSA-fwqr-3pvp-pjwq

CVSS3: 8.8

github

больше 3 лет назад

Deserialization of Untrusted Data in Jenkins

EPSS

Процентиль: 86%

0.02976

Низкий