
CVE-2016-0789 org.jenkins-ci.main:jenkins-core

Package

Manager: maven
Name: org.jenkins-ci.main:jenkins-core
Vulnerable Version: >=1.643 <1.650 || >=0 <1.642.2

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

EPSS: 0.00116 (percentile: 0.30937)

Details

Jenkins has CRLF Injection Vulnerability in the CLI

CRLF injection vulnerability in the CLI command documentation in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Metadata

Created: 2022-05-14T03:58:16Z
Modified: 2025-03-13T19:03:59Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-8p3c-m625-wh83/GHSA-8p3c-m625-wh83.json
CWE IDs: ["CWE-113", "CWE-20"]
Alternative ID: GHSA-8p3c-m625-wh83
Finding: F184
Auto approve: 1