Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
githubGitHub Advisory DatabaseGHSA-4466-8JM4-448P
HistoryMay 14, 2022 - 3:44 a.m.

Deserialization of Untrusted Data in Jenkins

2022-05-1403:44:36
CWE-502
GitHub Advisory Database
github.com
10

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

33.5%

JSON

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an XStream: Java crash when trying to instantiate void/Void.

Related

osv 2
prion 1
seebug 1
ubuntucve 1
redhatcve 1
cve 1
archlinux 1
nessus 2
openvas 2
freebsd 1
osv
osv
Deserialization of Untrusted Data in Jenkins
2022-05-14 03:44:36
CVE-2017-1000355
2018-01-29 17:29:00
prion
prion
Design/Logic Flaw
2018-01-29 17:29:00
seebug
seebug
Jenkins XStream: Java crash when trying to instantiate void/Void (CVE-2017-1000355)
2017-04-28 00:00:00
ubuntucve
ubuntucve
CVE-2017-1000355
2018-01-29 00:00:00
redhatcve
redhatcve
CVE-2017-1000355
2017-04-27 10:19:38
cve
cve
CVE-2017-1000355
2018-01-29 17:29:00
archlinux
archlinux
[ASA-201704-8] jenkins: multiple issues
2017-04-27 00:00:00
nessus
nessus
FreeBSD : jenkins -- multiple vulnerabilities (631c4710-9be5-4a80-9310-eb2847fe24dd)
2017-04-27 00:00:00
Jenkins < 2.46.2 / 2.57 and Jenkins Enterprise < 1.625.24.1 / 1.651.24.1 / 2.7.24.0.1 / 2.46.2.1 Multiple Vulnerabilities
2017-05-04 00:00:00
openvas
openvas
Jenkins Multiple Vulnerabilities - Apr17 (Windows)
2017-04-28 00:00:00
Jenkins Multiple Vulnerabilities - Apr17 (Linux)
2017-04-28 00:00:00
freebsd
freebsd
jenkins -- multiple vulnerabilities
2017-04-26 00:00:00

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

33.5%

JSON
Related for GHSA-4466-8JM4-448P
osv2prion1seebug1ubuntucve1redhatcve1cve1archlinux1nessus2openvas2freebsd1