Fluid Attacks Database

Description

Jenkins Vulnerable to Denial of Service (DoS) Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users to cause a denial of service (improper plug-in and tool installation) via crafted update center data.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
maven	org.jenkins-ci.main:jenkins-core	>=1.597 <1.600 \|\| >=0 <1.596.1	1.600, 1.596.1

Aliases

1. CVE-2015-18082. NVD-2015-18083. OSV-2015-18084. GCVE-2015-18085. access.redhat.com

References

1. https://bugzilla.redhat.com/show_bug.cgi?id=12056232. https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-273. http://rhn.redhat.com/errata/RHSA-2015-1844.html

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.