7 matches found
CVE-2017-1000355
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an XStream: Java crash when trying to instantiate void/Void...
CVE-2017-1000355
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an XStream: Java crash when trying to instantiate void/Void...
CVE-2017-1000355
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an XStream: Java crash when trying to instantiate void/Void...
CVE-2017-1000355
CVE-2017-1000355 is described in the sources as a Denial of Service vulnerability in Jenkins caused by an XStream deserialization issue that crashes the JVM when attempting to instantiate void/Void. Affected are Jenkins versions 2.56 and earlier and 2.46.1 LTS and earlier (per the initial descrip...
Jenkins < 2.46.2 / 2.57 and Jenkins Enterprise < 1.625.24.1 / 1.651.24.1 / 2.7.24.0.1 / 2.46.2.1 Multiple Vulnerabilities
The version of Jenkins running on the remote web server is prior to 2.57 or is a version of Jenkins LTS prior to 2.46.2, or else it is a version of Jenkins Enterprise that is 1.625.x.y prior to 1.625.24.1, 1.651.x.y prior to 1.651.24.1, 2.7.x.0.y prior to 2.7.24.0.1, or 2.x.y.z prior to 2.46.2.1...
Jenkins XStream: Java crash when trying to instantiate void/Void (CVE-2017-1000355)
Jenkins uses the XStream library to serialize and deserialize XML. Its maintainer recently published a security vulnerability that allows anyone able to provide XML to Jenkins for processing using XStream to crash the Java process. In Jenkins this typically applies to users with permission to...
Jenkins Multiple Vulnerabilities (Apr 2017) - Linux
Multiple cross-site request forgery CSRF vulnerabilities in Jenkins allow malicious users to perform several administrative actions by tricking a victim into opening a web page. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are...