CVE-2022-0538

Published: Feb 9, 2022

Modified: Aug 2, 2024

PUBLISHED

Description

Jenkins 2.333 and earlier, LTS 2.319.2 and earlier defines custom XStream converters that have not been updated to apply the protections for the vulnerability CVE-2021-43859 and allow unconstrained resource usage.

Vendor	Product	Versions
Jenkins project	Jenkins	affected `unspecified - <= 2.333` affected `unspecified - <= LTS 2.319.2`

References

https://www.jenkins.io/security/advisory/2022-02-09/#SECURITY-2602

x_refsource_CONFIRM

[oss-security] 20220209 Vulnerability in Jenkins

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-0538

Description

Affected Products

References