CVE-2017-1000355

Опубликовано: 26 апр. 2017

Источник: redhat

CVSS3: 5.9

EPSS Низкий

Описание

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an XStream: Java crash when trying to instantiate void/Void.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat OpenShift Enterprise 3	jenkins	Affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-20

https://bugzilla.redhat.com/show_bug.cgi?id=1446128jenkins: Java crash when trying to instantiate void/Void (SECURITY-503)

EPSS

Процентиль: 62%

0.00429

Низкий

5.9 Medium

CVSS3

Связанные уязвимости

CVE-2017-1000355

CVSS3: 6.5

ubuntu

около 8 лет назад

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an XStream: Java crash when trying to instantiate void/Void.

CVE-2017-1000355

CVSS3: 6.5

nvd

около 8 лет назад

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an XStream: Java crash when trying to instantiate void/Void.

CVE-2017-1000355

CVSS3: 6.5

debian

около 8 лет назад

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier ar ...

GHSA-4466-8jm4-448p

CVSS3: 6.5

github

больше 3 лет назад

Deserialization of Untrusted Data in Jenkins

EPSS

Процентиль: 62%

0.00429

Низкий

5.9 Medium

CVSS3