6.5

CVE-2016-3721

Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatOpenshift Version3.1 SwEditionenterprise
RedhatOpenshift Version3.2 SwEditionenterprise
JenkinsJenkins SwEditionlts Version <= 1.651.1
JenkinsJenkins Version <= 2.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.12% 0.796
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:N/I:P/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://rhn.redhat.com/errata/RHSA-2016-1773.html
http://www.openwall.com/lists/oss-security/2024/05/02/3
https://access.redhat.com/errata/RHSA-2016:1206
https://wiki.jenkins-ci.org/display/JENKINS/Plugins+affected+by+fix+for+SECURITY-170
Vendor Advisory
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
Vendor Advisory
https://www.cloudbees.com/jenkins-security-advisory-2016-05-11
Vendor Advisory