Description

Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers with read access and HTTP access to Jenkins master to insert data and execute arbitrary code.

Remediation

References

CVE-2012-4438

Related Vulnerabilities

WordPress Plugin TheCartPress eCommerce Shopping Cart Multiple Vulnerabilities (1.3.9)

Roundcube Improper Access Control Vulnerability (CVE-2016-9920)

WordPress Plugin Frontend Post WordPress-AccessPress Anonymous Post includes Backdoor [Only if downloaded via the vendor website] (2.8.0)

Atlassian Jira Other Vulnerability (CVE-2006-3338)

WordPress Plugin Integration for Contact Form 7 and Mailchimp Cross-Site Scripting (1.0.9)

Severity

High

Classification

CVE-2012-4438 CWE-20 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities