CVE-2012-4438
HIGH
Jenkins < 1.482 and LTS < 1.466.2 - Authenticated Remote Code Execution
Title source: llm
Description
Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers with read access and HTTP access to Jenkins master to insert data and execute arbitrary code.
References (4)
Core References
Third Party Advisory x_refsource_misc
https://security-tracker.debian.org/tracker/CVE-2012-4438
Mailing List, Third Party Advisory x_refsource_misc
http://www.openwall.com/lists/oss-security/2012/09/21/2
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4438
Vendor Advisory x_refsource_misc
https://www.cloudbees.com/jenkins-security-advisory-2012-09-17
Scores
CVSS v3
8.8
EPSS
0.0112
EPSS Percentile
78.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (3)
jenkins/jenkins
< 1.466.2
jenkins/jenkins
< 1.482
org.jenkins-ci.main/jenkins-core
0 - 1.466.2 (Maven)
Published
Nov 18, 2019
Tracked Since
Feb 18, 2026