9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.972 High
EPSS
Percentile
99.8%
Jenkins Security Advisory:
Description
SECURITY-232 / CVE-2016-0788(Remote code execution vulnerability in remoting module)
A vulnerability in the Jenkins remoting module allowed
unauthenticated remote attackers to open a JRMP listener on the
server hosting the Jenkins master process, which allowed arbitrary
code execution.
SECURITY-238 / CVE-2016-0789(HTTP response splitting vulnerability)
An HTTP response splitting vulnerability in the CLI command
documentation allowed attackers to craft Jenkins URLs that serve
malicious content.
SECURITY-241 / CVE-2016-0790(Non-constant time comparison of API token)
The verification of user-provided API tokens with the expected
value did not use a constant-time comparison algorithm, potentially
allowing attackers to use statistical methods to determine valid
API tokens using brute-force methods.
SECURITY-245 / CVE-2016-0791(Non-constant time comparison of CSRF crumbs)
The verification of user-provided CSRF crumbs with the expected
value did not use a constant-time comparison algorithm, potentially
allowing attackers to use statistical methods to determine valid
CSRF crumbs using brute-force methods.
SECURITY-247 / CVE-2016-0792(Remote code execution through remote API)
Jenkins has several API endpoints that allow low-privilege users
to POST XML files that then get deserialized by Jenkins.
Maliciously crafted XML files sent to these API endpoints could
result in arbitrary code execution.
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.972 High
EPSS
Percentile
99.8%