CVE-2016-9299 – org.jenkins-ci.main:jenkins-core
Package
Manager: maven
Name: org.jenkins-ci.main:jenkins-core
Vulnerable Version: >=2.20 <2.32 || >=0 <2.19.3
Severity
Level: Critical
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.68152 (percentile: 0.98547)
Details
Improper Neutralization of Special Elements used in an LDAP Query in Jenkins

The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server.
Metadata
Created: 2022-05-14T01:00:43Z
Modified: 2024-03-12T14:24:42Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-2x9h-h3c4-wqqh/GHSA-2x9h-h3c4-wqqh.json
CWE IDs: ["CWE-90"]
Alternative ID: GHSA-2x9h-h3c4-wqqh
Finding: F107
Auto approve: 1