CVE-2012-4438
HIGH 8.8 | EPSS 1.1%
Jenkins allows Data Insertion and Execution of Code by those with Read and HTTP Access
Published: 4/23/2022
Modified: 3/12/2025
Description
Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers with read access and HTTP access to Jenkins master to insert data and execute arbitrary code.
Affected packages (1)
- Maven/org.jenkins-ci.main:jenkins-core from 0, < 1.466.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
References (6)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2012-4438
- PATCH: https://github.com/jenkinsci/jenkins
- WEB: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4438
- WEB: https://security-tracker.debian.org/tracker/CVE-2012-4438
- WEB: https://www.cloudbees.com/jenkins-security-advisory-2012-09-17
- WEB: http://www.openwall.com/lists/oss-security/2012/09/21/2