CVE-2018-1999042

Опубликовано: 23 авг. 2018

Источник: debian

EPSS Низкий

Описание

A vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in XStream2.java that allows attackers to have Jenkins resolve a domain name when deserializing an instance of java.net.URL.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
jenkins	removed			package

EPSS

Процентиль: 45%

0.00227

Низкий

Связанные уязвимости

CVE-2018-1999042

CVSS3: 5.3

ubuntu

больше 7 лет назад

A vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in XStream2.java that allows attackers to have Jenkins resolve a domain name when deserializing an instance of java.net.URL.

CVE-2018-1999042

CVSS3: 4.3

redhat

больше 7 лет назад

A vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in XStream2.java that allows attackers to have Jenkins resolve a domain name when deserializing an instance of java.net.URL.

CVE-2018-1999042

CVSS3: 5.3

nvd

больше 7 лет назад

A vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in XStream2.java that allows attackers to have Jenkins resolve a domain name when deserializing an instance of java.net.URL.

GHSA-28p3-mchr-9frj

CVSS3: 5.3

github

больше 3 лет назад

Deserialization of Untrusted Data in Jenkins

EPSS

Процентиль: 45%

0.00227

Низкий