CVE-2016-0789
MEDIUM6.1EPSS 0.15%Jenkins has CRLF Injection Vulnerability in the CLI
Published: 5/14/2022Modified: 3/13/2025
Description
CRLF injection vulnerability in the CLI command documentation in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
Affected packages (1)
- Maven/org.jenkins-ci.main:jenkins-core>= 1.643, < 1.650
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.1 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
References (6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2016-0789
- PATCHhttps://github.com/jenkinsci/jenkins
- WEBhttp://rhn.redhat.com/errata/RHSA-2016-1773.html
- WEBhttps://access.redhat.com/errata/RHSA-2016:0711
- WEBhttps://github.com/jenkinsci/jenkins/commit/f5c51fbad2b62b81dc1e0402aeee058a4a478046
- WEBhttps://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24