Description
CRLF injection vulnerability in the CLI command documentation in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2016-1773.html
https://access.redhat.com/errata/RHSA-2016:0711
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24
Related Vulnerabilities
CVE-2016-10744 Vulnerability in maven package org.webjars.bower:select2
CVE-2022-39249 Vulnerability in npm package matrix-js-sdk
CVE-2021-39176 Vulnerability in npm package detect-character-encoding
CVE-2021-23346 Vulnerability in maven package org.webjars.npm:html-parse-stringify2
CVE-2023-26136 Vulnerability in maven package org.webjars.npm:tough-cookie