Описание
A vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in XStream2.java that allows attackers to have Jenkins resolve a domain name when deserializing an instance of java.net.URL.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 3.10 | jenkins | Will not fix | ||
| Red Hat OpenShift Container Platform 3.11 | jenkins | Not affected | ||
| Red Hat OpenShift Container Platform 3.2 | jenkins | Will not fix | ||
| Red Hat OpenShift Container Platform 3.3 | jenkins | Will not fix | ||
| Red Hat OpenShift Container Platform 3.4 | jenkins | Will not fix | ||
| Red Hat OpenShift Container Platform 3.5 | jenkins | Will not fix | ||
| Red Hat OpenShift Container Platform 3.6 | jenkins | Will not fix | ||
| Red Hat OpenShift Container Platform 3.7 | jenkins | Will not fix | ||
| Red Hat OpenShift Container Platform 3.9 | jenkins | Will not fix | ||
| Red Hat OpenShift Enterprise 3.1 | jenkins | Will not fix |
Показывать по
10
Дополнительная информация
Статус:
Low
Дефект:
CWE-502
https://bugzilla.redhat.com/show_bug.cgi?id=1620337jenkins: Deserialization of URL objects with host components
EPSS
Процентиль: 34%
0.00134
Низкий
4.3 Medium
CVSS3
Связанные уязвимости
CVSS3: 5.3
ubuntu
почти 7 лет назад
A vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in XStream2.java that allows attackers to have Jenkins resolve a domain name when deserializing an instance of java.net.URL.
CVSS3: 5.3
nvd
почти 7 лет назад
A vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in XStream2.java that allows attackers to have Jenkins resolve a domain name when deserializing an instance of java.net.URL.
CVSS3: 5.3
debian
почти 7 лет назад
A vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earli ...
EPSS
Процентиль: 34%
0.00134
Низкий
4.3 Medium
CVSS3