Description

CRLF injection vulnerability in the CLI command documentation in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Remediation

References

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24

https://access.redhat.com/errata/RHSA-2016:0711

http://rhn.redhat.com/errata/RHSA-2016-1773.html

Related Vulnerabilities

CVE-2016-1182 Vulnerability in maven package struts:struts

CVE-2022-31108 Vulnerability in npm package mermaid

CVE-2022-36007 Vulnerability in maven package com.github.jlangch:venice

CVE-2020-7793 Vulnerability in npm package ua-parser-js

CVE-2022-25896 Vulnerability in npm package passport

Severity

High

Classification

CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Patch Vendor Advisory