2 matches found
GHSA-F585-9FW3-RJ2M Arbitrary file existence check in file fingerprints in Jenkins
Jenkins provides a feature for jobs to store and track fingerprints of files used during a build. Jenkins 2.274 and earlier, LTS 2.263.1 and earlier provides a REST API to check where a given fingerprint was used by which builds. This endpoint does not fully validate that the provided fingerprint...
PT-2021-14650 · Jenkins · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.274 and earlier Jenkins LTS versions 2.263.1 and earlier Description: The issue allows attackers to request crafted URLs that use all available memory in Jenkins, potentially leading to out of memory errors. This is due to...