Description
Deserialization of Untrusted Data in Jenkins
A vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in XStream2.java that allows attackers to have Jenkins resolve a domain name when deserializing an instance of java.net.URL.
Packages
org.jenkins-ci.main:jenkins-core: affected < 2.121.3, fixed in 2.121.3
org.jenkins-ci.main:jenkins-core: affected >= 2.122, < 2.138, fixed in 2.138