Description
Jenkins 2.333 and earlier, LTS 2.319.2 and earlier defines custom XStream converters that have not been updated to apply the protections for the vulnerability CVE-2021-43859 and allow unconstrained resource usage.
A denial of service (DoS) flaw was found in Jenkins. This flaw allows an attacker to define custom XStream converters that do not protect against the vulnerability in CVE-2021-43859, allowing for uncontrolled resource consumption.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Fuse 7 | jenkins | Not affected | | |
| Red Hat OpenShift Container Platform 3.11 | jenkins | Not affected | | |
| Red Hat OpenShift Container Platform 4 | jenkins | Not affected | | |
Additional information
Status:
7.5 High
CVSS3
Related vulnerabilities
Jenkins 2.333 and earlier, LTS 2.319.2 and earlier defines custom XStream converters that have not been updated to apply the protections for the vulnerability CVE-2021-43859 and allow unconstrained resource usage.
Jenkins 2.333 and earlier, LTS 2.319.2 and earlier defines custom XStr ...
DoS vulnerability in bundled XStream library in Jenkins Core
7.5 High
CVSS3