GHSA-wr6p-j63r-xqhv

Опубликовано: 23 апр. 2022

Источник: github

Github: Прошло ревью

CVSS3: 8.8

Описание

Jenkins allows Data Insertion and Execution of Code by those with Read and HTTP Access

Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers with read access and HTTP access to Jenkins master to insert data and execute arbitrary code.

Ссылки

Пакеты

Наименование

org.jenkins-ci.main:jenkins-core

maven

Затронутые версииВерсия исправления

< 1.466.2

1.466.2

Наименование

org.jenkins-ci.main:jenkins-core

maven

Затронутые версииВерсия исправления

>= 1.467, < 1.482

1.482

EPSS

Процентиль: 78%

0.01121

Низкий

8.8 High

CVSS3

CVE ID

CVE-2012-4438

Дефекты

CWE-20

Связанные уязвимости

CVE-2012-4438

CVSS3: 8.8

ubuntu

около 6 лет назад

Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers with read access and HTTP access to Jenkins master to insert data and execute arbitrary code.

CVE-2012-4438

redhat

больше 13 лет назад

Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers with read access and HTTP access to Jenkins master to insert data and execute arbitrary code.

CVE-2012-4438

CVSS3: 8.8

nvd

около 6 лет назад

Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers with read access and HTTP access to Jenkins master to insert data and execute arbitrary code.

CVE-2012-4438

CVSS3: 8.8

debian

около 6 лет назад

Jenkins main before 1.482 and LTS before 1.466.2 allows remote attacke ...

EPSS

Процентиль: 78%

0.01121

Низкий

8.8 High

CVSS3

CVE ID

CVE-2012-4438

Дефекты

CWE-20