Description
CRLF injection vulnerability in the CLI command documentation in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
References (3)
Vendor Advisory (x_refsource_redhat): https://access.redhat.com/errata/RHSA-2016:0711
Vendor Advisory (x_refsource_redhat): http://rhn.redhat.com/errata/RHSA-2016-1773.html
Patch, Vendor Advisory (x_refsource_confirm): https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24
Scores
CVSS v3
6.1
EPSS
0.0015
EPSS Percentile
34.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-20
Status
published
Products (4)
jenkins/jenkins < 1.642.1
jenkins/jenkins < 1.649
org.jenkins-ci.main/jenkins-core 1.643 - 1.650 (Maven)
redhat/openshift 3.1
Published
Apr 07, 2016
Tracked Since
Feb 18, 2026