CVE-2012-4438 – org.jenkins-ci.main:jenkins-core
Package
Manager: maven
Name: org.jenkins-ci.main:jenkins-core
Vulnerable Version: >=0 <1.466.2 || >=1.467 <1.482
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.01121 (percentile: 0.77412)
Details
Jenkins allows Data Insertion and Execution of Code by those with Read and HTTP Access
Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers with read access and HTTP access to Jenkins master to insert data and execute arbitrary code.
Metadata
Created: 2022-04-23T00:40:12Z
Modified: 2025-03-12T15:52:59Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-wr6p-j63r-xqhv/GHSA-wr6p-j63r-xqhv.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-wr6p-j63r-xqhv
Finding: F184
Auto approve: 1