seebug | Root | SSV:93065
Apr 28, 2017 - 12:00 a.m.

Jenkins XStream: Java crash when trying to instantiate void/Void (CVE-2017-1000355)

www.seebug.org

EPSS: 0.001 (Low), percentile 34.0%

Jenkins uses the XStream library to serialize and deserialize XML. XStream's maintainer recently disclosed a security vulnerability that allows anyone who can supply XML for Jenkins to process with XStream to crash the Java process. In Jenkins this typically applies to users with permission to create or configure items (jobs), views, or agents.

Jenkins now prohibits the attempted deserialization of void / Void that results in a crash.
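
The following is an added example, not Jenkins's actual patch and not code from the XStream project: it shows one way an application that embeds XStream can refuse void / Void at the type-mapping stage, using XStream's own `denyTypes` security API. It assumes XStream 1.4.7 or later on the classpath; the class name `VoidDenylistExample` and the helpers `hardened` and `isDenied` are hypothetical.

```java
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.security.ForbiddenClassException;

// Hypothetical example class (not Jenkins code).
public class VoidDenylistExample {

    /** Returns an XStream instance that refuses to map void / Void. */
    static XStream hardened() {
        XStream xstream = new XStream();
        // Deny both the primitive pseudo-type and its wrapper class, so the
        // mapper rejects them before any converter tries to instantiate them.
        xstream.denyTypes(new Class[] { void.class, Void.class });
        return xstream;
    }

    /** True if XStream's security mapper rejects the given type name. */
    static boolean isDenied(XStream xstream, String typeName) {
        try {
            // realClass() resolves a type name the same way unmarshalling
            // does, including the security permission check.
            xstream.getMapper().realClass(typeName);
            return false;
        } catch (ForbiddenClassException e) {
            return true;
        }
    }

    public static void main(String[] args) {
        XStream xstream = hardened();
        // "string" is XStream's built-in alias for java.lang.String and is
        // included as a type that should remain usable.
        for (String name : new String[] { "void", "java.lang.Void", "string" }) {
            System.out.println(name + " denied: " + isDenied(xstream, name));
        }
    }
}
```

Checking the mapper directly lets a unit test confirm the denylist is active without feeding any XML to the deserializer.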