Описание
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe objects once discarded by an administrator.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.263.1 (включая)Версия до 2.274 (включая)
Одно из
cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*
EPSS
Процентиль: 74%
0.00835
Низкий
8 High
CVSS3
6 Medium
CVSS2
Дефекты
CWE-502
Связанные уязвимости
CVSS3: 8
redhat
около 5 лет назад
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe objects once discarded by an administrator.
CVSS3: 8
debian
около 5 лет назад
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers wi ...
CVSS3: 8
github
больше 3 лет назад
Improper handling of REST API XML deserialization errors in Jenkins
EPSS
Процентиль: 74%
0.00835
Низкий
8 High
CVSS3
6 Medium
CVSS2
Дефекты
CWE-502