Описание
Jenkins 2.333 and earlier, LTS 2.319.2 and earlier defines custom XStream converters that have not been updated to apply the protections for the vulnerability CVE-2021-43859 and allow unconstrained resource usage.
Ссылки
- Mailing ListThird Party Advisory
- Vendor Advisory
- Mailing ListThird Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.319.3 (исключая)Версия до 2.334 (исключая)
Одно из
cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*
EPSS
Процентиль: 71%
0.00675
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-502
Связанные уязвимости
CVSS3: 7.5
redhat
почти 4 года назад
Jenkins 2.333 and earlier, LTS 2.319.2 and earlier defines custom XStream converters that have not been updated to apply the protections for the vulnerability CVE-2021-43859 and allow unconstrained resource usage.
CVSS3: 7.5
debian
почти 4 года назад
Jenkins 2.333 and earlier, LTS 2.319.2 and earlier defines custom XStr ...
CVSS3: 6.5
github
почти 4 года назад
DoS vulnerability in bundled XStream library in Jenkins Core
EPSS
Процентиль: 71%
0.00675
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-502