Описание
Jenkins allows Remote Users to Inject Build Parameters
Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2016-3721
- https://access.redhat.com/errata/RHSA-2016:1206
- https://wiki.jenkins-ci.org/display/JENKINS/Plugins+affected+by+fix+for+SECURITY-170
- https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
- https://www.cloudbees.com/jenkins-security-advisory-2016-05-11
- http://rhn.redhat.com/errata/RHSA-2016-1773.html
- http://www.openwall.com/lists/oss-security/2024/05/02/3
Пакеты
org.jenkins-ci.main:jenkins-core
>= 1.660, < 2.3
2.3
org.jenkins-ci.main:jenkins-core
< 1.651.2
1.651.2
Связанные уязвимости
Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables.
Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables.
Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables.
Jenkins before 2.3 and LTS before 1.651.2 might allow remote authentic ...