CVE-2016-0789

CRLF injection vulnerability in the CLI command documentation in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
Configurations

Configuration 1 (hide)

cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*

Configuration 2 (hide)

cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*

Configuration 3 (hide)

cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*

History

21 Nov 2024, 02:42

Type Values Removed Values Added
References () http://rhn.redhat.com/errata/RHSA-2016-1773.html - () http://rhn.redhat.com/errata/RHSA-2016-1773.html -
References () https://access.redhat.com/errata/RHSA-2016:0711 - () https://access.redhat.com/errata/RHSA-2016:0711 -
References () https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24 - Patch, Vendor Advisory () https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24 - Patch, Vendor Advisory

Information

Published : 2016-04-07 23:59

Updated : 2024-11-21 02:42


NVD link : CVE-2016-0789

Mitre link : CVE-2016-0789

CVE.ORG link : CVE-2016-0789


JSON object : View

Products Affected

jenkins

  • jenkins

redhat

  • openshift
CWE
CWE-20

Improper Input Validation