Input validation error in Jenkins - CVE-2012-4438

 


Published: November 18, 2019 / Updated: July 17, 2020


Vulnerability identifier: #VU30599
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2012-4438
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Jenkins
Affected software: Jenkins

Detailed vulnerability description

The vulnerability allows a remote authenticated user to execute arbitrary code.

Jenkins main before 1.482 and LTS before 1.466.2 allow remote attackers with read access and HTTP access to the Jenkins master to insert data and execute arbitrary code.


How to mitigate CVE-2012-4438

Install the update from the vendor's website.
