Home

CVE-2016-3725

Description

Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permissions check. NOTE: this issue can be combined with DNS cache poisoning to cause a denial of service (service disruption).

Risk Information

Base Score
4.3
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
EPSS Score
Exploitation Probability
0.162

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities affected in Jenkins 2.2Windows
Vulnerabilities CVE-2016-3723,CVE-2016-3725,CVE-2016-3722 are fixed in Jenkins-Core 2.3Windows
Multiple vulnerabilities affected in Jenkins 2.2 (For Ubuntu)Linux
Multiple vulnerabilities affected in Jenkins 2.2 (For Debian)Linux
Multiple vulnerabilities affected in Jenkins 2.2 (For Centos)Linux
Multiple vulnerabilities affected in Jenkins 2.2 (For RedHat)Linux
Multiple vulnerabilities affected in Jenkins 2.2 (For Suse)Linux
Vulnerabilities CVE-2016-3723,CVE-2016-3725,CVE-2016-3722 are fixed in Jenkins-Core for Linux 2.3Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234