CVE-2017-2608

Опубликовано: 01 фев. 2017

Источник: redhat

CVSS3: 8.8

Описание

Jenkins before versions 2.44, 2.32.2 is vulnerable to a remote code execution vulnerability involving the deserialization of various types in javax.imageio in XStream-based APIs (SECURITY-383).

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat OpenShift Enterprise 2	jenkins	Under investigation
Red Hat OpenShift Enterprise 3	jenkins	Under investigation

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-502

https://bugzilla.redhat.com/show_bug.cgi?id=1418724jenkins: XStream remote code execution vulnerability (SECURITY-383)

8.8 High

CVSS3

Связанные уязвимости

CVE-2017-2608

CVSS3: 8.8

ubuntu

больше 7 лет назад

Jenkins before versions 2.44, 2.32.2 is vulnerable to a remote code execution vulnerability involving the deserialization of various types in javax.imageio in XStream-based APIs (SECURITY-383).

CVE-2017-2608

CVSS3: 8.8

nvd

больше 7 лет назад

Jenkins before versions 2.44, 2.32.2 is vulnerable to a remote code execution vulnerability involving the deserialization of various types in javax.imageio in XStream-based APIs (SECURITY-383).

CVE-2017-2608

CVSS3: 8.8

debian

больше 7 лет назад

Jenkins before versions 2.44, 2.32.2 is vulnerable to a remote code ex ...

GHSA-fwqr-3pvp-pjwq

CVSS3: 8.8

github

больше 3 лет назад

Deserialization of Untrusted Data in Jenkins

8.8 High

CVSS3