CVE-2018-1999042

CVSS v3.0 5.3 (Medium)

CVSS v2.0 5 (Medium)

EPSS 0.08 % (37^th)

Affected Products 1

Advisories 2

A vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in XStream2.java that allows attackers to have Jenkins resolve a domain name when deserializing an instance of java.net.URL.

Weaknesses

CWE-502: Deserialization of Untrusted Data

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2018-08-23 18:29:00
(6 years ago)
Updated Date: 2019-05-08 22:22:55
(5 years ago)

Affected Products

Jenkins

Jenkins

Configuration #1

		CPE23	From	Up To
	Jenkins 2.121.2 and prior versions	cpe:2.3:a:jenkins:jenkins::::*:lts		<= 2.121.2
	Jenkins 2.137 and prior versions	cpe:2.3:a:jenkins:jenkins::::*:-		<= 2.137