CVE-2017-1000355

Опубликовано: 29 янв. 2018

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an XStream: Java crash when trying to instantiate void/Void.

Ссылки

http://www.securityfocus.com/bid/98066
Third Party Advisory
VDB Entry
https://jenkins.io/security/advisory/2017-04-26/
Vendor Advisory
http://www.securityfocus.com/bid/98066
Third Party Advisory
VDB Entry
https://jenkins.io/security/advisory/2017-04-26/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*

Версия до 2.56 (включая)

Конфигурация 2

cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*

Версия до 2.46.1 (включая)

EPSS

Процентиль: 62%

0.00429

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-502

Связанные уязвимости

CVE-2017-1000355

CVSS3: 6.5

ubuntu

около 8 лет назад

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an XStream: Java crash when trying to instantiate void/Void.

CVE-2017-1000355

CVSS3: 5.9

redhat

почти 9 лет назад

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an XStream: Java crash when trying to instantiate void/Void.

CVE-2017-1000355

CVSS3: 6.5

debian

около 8 лет назад

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier ar ...

GHSA-4466-8jm4-448p

CVSS3: 6.5

github

больше 3 лет назад

Deserialization of Untrusted Data in Jenkins

EPSS

Процентиль: 62%

0.00429

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-502