CVE-2016-0789
Description
CRLF injection vulnerability in the CLI command documentation in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
Risk Information
Base Score
6.1
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.148
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2016-0789,CVE-2016-0788,CVE-2016-0792 are fixed in Jenkins-Core 1.650 | Windows |
| Vulnerabilities CVE-2016-0789,CVE-2016-0788 are fixed in Jenkins-Core 1.642.2 | Windows |
| (RHSA-2016:1237) Important: ImageMagick security update ImageMagick-devel-6.7.2.7-5.el6_8.x86_64.rpm | Linux |
| (RHSA-2016:1237) Important: ImageMagick security update ImageMagick-doc-6.7.2.7-5.el6_8.x86_64.rpm | Linux |
| (RHSA-2016:1237) Important: ImageMagick security update ImageMagick-perl-6.7.2.7-5.el6_8.x86_64.rpm | Linux |
| Vulnerabilities CVE-2016-0789,CVE-2016-0788,CVE-2016-0792 are fixed in Jenkins-Core for Linux 1.650 | Linux |
| Vulnerabilities CVE-2016-0789,CVE-2016-0788 are fixed in Jenkins-Core for Linux 1.642.2 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234