Description

Jenkins before versions 2.44, 2.32.2 is vulnerable to a remote code execution vulnerability involving the deserialization of various types in javax.imageio in XStream-based APIs (SECURITY-383).

Remediation

References

CVE-2017-2608

Related Vulnerabilities

PostgreSQL Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2018-1115)

Perl Use of Externally-Controlled Format String Vulnerability (CVE-2012-1151)

Jenkins Deserialization of Untrusted Data Vulnerability (CVE-2018-1999042)

OpenSSL Cryptographic Issues Vulnerability (CVE-2011-4576)

MySQL CVE-2021-2014 Vulnerability (CVE-2021-2014)

Severity

High

Classification

CVE-2017-2608 CWE-502 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities