CVE-2016-3721 – org.jenkins-ci.main:jenkins-core
Package
Manager: maven
Name: org.jenkins-ci.main:jenkins-core
Vulnerable Version: >=1.660 <2.3 || >=0 <1.651.2
Severity
Level: Medium
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00163 (percentile: 0.37757)
Details
Jenkins allows Remote Users to Inject Build Parameters

Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables.
Metadata
Created: 2022-05-14T03:57:46Z
Modified: 2025-03-13T18:02:27Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-qf2h-h3xq-j93j/GHSA-qf2h-h3xq-j93j.json
CWE IDs: ["CWE-94"]
Alternative ID: GHSA-qf2h-h3xq-j93j
Finding: F422
Auto approve: 1