Description

CRLF injection vulnerability in the CLI command documentation in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Remediation

References

CVE-2016-0789

Related Vulnerabilities

Zenphoto Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-5595)

WordPress Plugin WP Maintenance Cross-Site Request Forgery (5.0.5)

Oracle Application Server Other Vulnerability (CVE-2007-2119)

PostgreSQL Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2005-0247)

WordPress Plugin WordPress Bitcoin Payments-Blockonomics Cross-Site Scripting (3.5.7)

Severity

Medium

Classification

CVE-2016-0789 CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities