CVE-2012-6072 – org.jenkins-ci.main:jenkins-core
Package
Manager: maven
Name: org.jenkins-ci.main:jenkins-core
Vulnerable Version: >=1.481 <1.491 || >=0 <1.480.1
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00113 (percentile 0.3049)
Details
Jenkins allows HTTP Injection and Response Splitting
A CRLF injection vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
Metadata
Created: 2022-05-14T02:13:37Z
Modified: 2025-03-13T17:57:20Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-2q8v-qx2x-hxjx/GHSA-2q8v-qx2x-hxjx.json
CWE IDs: ["CWE-113", "CWE-20"]
Alternative ID: GHSA-2q8v-qx2x-hxjx
Finding: F184
Auto approve: 1