CVE-2016-0789

MEDIUM

Jenkins < 1.650 and LTS < 1.642.2 - CRLF Injection

Title source: llm

Description

CRLF injection vulnerability in the CLI command documentation in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Scores

CVSS v3 6.1
EPSS 0.0015
EPSS Percentile 35.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Classification

CWE
CWE-20
Status draft

Affected Products (4)

jenkins/jenkins < 1.642.1
redhat/openshift
jenkins/jenkins < 1.649
org.jenkins-ci.main/jenkins-core < 1.650 (Maven)

Timeline

Published Apr 07, 2016
Tracked Since Feb 18, 2026