Description
DoS vulnerability in bundled XStream library in Jenkins Core
Jenkins 2.333 and earlier, LTS 2.319.2 and earlier are affected by the XStream library’s vulnerability CVE-2021-43859. Jenkins uses this library to serialize and deserialize various XML files, such as the global and job config.xml, build.xml, and numerous others.
This allows attackers able to submit crafted XML files to Jenkins to be parsed as configuration, e.g. through the POST config.xml API, to cause a denial of service (DoS).
Packages
Package: org.jenkins-ci.main:jenkins-core
Affected versions: >= 2.320, < 2.334 (weekly releases)
Patched version: 2.334

Package: org.jenkins-ci.main:jenkins-core
Affected versions: < 2.319.3 (LTS releases)
Patched version: 2.319.3
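The version ranges above are easy to misread when triaging a fleet of controllers (for example, 2.319.3 is fixed but 2.320 through 2.333 are not). The following Python is an added example, not part of this advisory or of Jenkins' own code: it parses a jenkins-core version string, tests it against exactly the two ranges listed above, and returns the release to upgrade to. It assumes the version is a plain dotted-integer string, as Jenkins reports it in its X-Jenkins response header; the sample header values at the bottom are constructed for illustration.

```python
"""Triage a Jenkins core version against the affected ranges in this advisory."""
import re
from typing import Dict, Optional, Tuple

Version = Tuple[int, ...]

# Affected ranges as listed in the Packages section: (lower bound inclusive or
# None for "no lower bound", upper bound exclusive, first fixed release).
AFFECTED_RANGES = (
    (None, (2, 319, 3), "2.319.3"),   # LTS line (and anything older)
    ((2, 320), (2, 334), "2.334"),    # weekly line
)


def parse_version(version: str) -> Version:
    """Turn '2.319.2' into (2, 319, 2); reject anything that is not dotted integers.

    Tuple comparison gives the right ordering: (2, 319) < (2, 319, 3) < (2, 320).
    """
    if not re.fullmatch(r"\d+(?:\.\d+)*", version):
        raise ValueError(f"unrecognised Jenkins version string: {version!r}")
    return tuple(int(part) for part in version.split("."))


def fixed_version_for(version: str) -> Optional[str]:
    """Return the release that fixes this issue if `version` is affected, else None."""
    v = parse_version(version)
    for lower, upper, fixed in AFFECTED_RANGES:
        if (lower is None or v >= lower) and v < upper:
            return fixed
    return None


def is_affected(version: str) -> bool:
    return fixed_version_for(version) is not None


def triage_headers(headers: Dict[str, str]) -> str:
    """Produce a one-line verdict from HTTP response headers of a Jenkins controller.

    Jenkins advertises its version in the X-Jenkins header; header-name lookup
    here is case-insensitive because proxies often rewrite the casing.
    """
    lowered = {name.lower(): value for name, value in headers.items()}
    version = lowered.get("x-jenkins")
    if version is None:
        return "no X-Jenkins header: not a Jenkins controller or header suppressed"
    fixed = fixed_version_for(version.strip())
    if fixed is None:
        return f"{version}: not affected by CVE-2021-43859 (per this advisory)"
    return f"{version}: affected by CVE-2021-43859, upgrade to {fixed}"


if __name__ == "__main__":
    # Constructed sample headers, not captured from a real host.
    for sample in (
        {"X-Jenkins": "2.333", "Server": "Jetty"},
        {"x-jenkins": "2.319.2"},
        {"X-Jenkins": "2.334"},
        {"Server": "nginx"},
    ):
        print(triage_headers(sample))
```

Note that the LTS range has no lower bound, so very old weekly releases (for example 2.319 or 2.300) are reported as affected with 2.319.3 as the fix; that matches the "Jenkins 2.333 and earlier" wording in the description, which makes no exception for older weeklies.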
Related vulnerabilities
Jenkins 2.333 and earlier, LTS 2.319.2 and earlier define custom XStream converters that have not been updated to apply the protections for the vulnerability CVE-2021-43859 and allow unconstrained resource usage.