GHSA-fwqr-3pvp-pjwq

Опубликовано: 13 мая 2022

Источник: github

Github: Прошло ревью

CVSS3: 8.8

Описание

Deserialization of Untrusted Data in Jenkins

Jenkins before versions 2.44, 2.32.2 is vulnerable to a remote code execution vulnerability involving the deserialization of various types in javax.imageio in XStream-based APIs (SECURITY-383).

Ссылки

Пакеты

Наименование

org.jenkins-ci.main:jenkins-core

maven

Затронутые версииВерсия исправления

< 2.32.2

2.32.2

Наименование

org.jenkins-ci.main:jenkins-core

maven

Затронутые версииВерсия исправления

>= 2.34, < 2.44

2.44

EPSS

Процентиль: 86%

0.02976

Низкий

8.8 High

CVSS3

CVE ID

CVE-2017-2608

Дефекты

CWE-502

Связанные уязвимости

CVE-2017-2608

CVSS3: 8.8

ubuntu

больше 7 лет назад

Jenkins before versions 2.44, 2.32.2 is vulnerable to a remote code execution vulnerability involving the deserialization of various types in javax.imageio in XStream-based APIs (SECURITY-383).

CVE-2017-2608

CVSS3: 8.8

redhat

около 9 лет назад

Jenkins before versions 2.44, 2.32.2 is vulnerable to a remote code execution vulnerability involving the deserialization of various types in javax.imageio in XStream-based APIs (SECURITY-383).

CVE-2017-2608

CVSS3: 8.8

nvd

больше 7 лет назад

Jenkins before versions 2.44, 2.32.2 is vulnerable to a remote code execution vulnerability involving the deserialization of various types in javax.imageio in XStream-based APIs (SECURITY-383).

CVE-2017-2608

CVSS3: 8.8

debian

больше 7 лет назад

Jenkins before versions 2.44, 2.32.2 is vulnerable to a remote code ex ...

EPSS

Процентиль: 86%

0.02976

Низкий

8.8 High

CVSS3

CVE ID

CVE-2017-2608

Дефекты

CWE-502