Jenkins 2.333 and earlier, LTS 2.319.2 and earlier defines custom XStream converters that have not been updated to apply the protections for the vulnerability CVE-2021-43859 and allow unconstrained resource usage.

References

www.openwall.com/lists/oss-security/2022/02/09/1

www.jenkins.io/security/advisory/2022-02-09/#SECURITY-2602

redhatcve 2

nessus 10

cvelist 2

prion 2

alpinelinux 1

nvd 2

cve 2

github 2

veracode 2

osv 6

openvas 7

freebsd 1

ibm 12

suse 1

fedora 2

ubuntucve 1

debiancve 1

debian 1

redhat 3

oracle 5

redhatcve

CVE-2022-0538

2022-02-09 19:23:15

CVE-2021-43859

2022-02-02 17:17:46

nessus

Jenkins LTS < 2.319.3 / Jenkins weekly < 2.334 Multiple Vulnerabilities

2022-02-09 00:00:00

Jenkins Enterprise and Operations Center 2.277.x < 2.277.43.0.6 / 2.303.x < 2.303.30.0.5 / 2.319.3.3 Multiple DoS (CloudBees Security Advisory 2022-02-09)

2022-03-07 00:00:00

FreeBSD : jenkins -- DoS vulnerability in bundled XStream library (0b0ad196-1ee8-4a98-89b1-4d5d82af49a9)

2022-02-11 00:00:00

cvelist

CVE-2022-0538

2022-02-09 13:30:15

CVE-2021-43859 Denial of Service by injecting highly recursive collections or maps in XStream

2022-02-01 12:08:57

prion

Design/Logic Flaw

2022-02-09 14:15:00

Design/Logic Flaw

2022-02-01 12:15:00

alpinelinux

CVE-2022-0538

2022-02-09 14:15:07

nvd

CVE-2022-0538

2022-02-09 14:15:07

CVE-2021-43859

2022-02-01 12:15:08

cve

CVE-2022-0538

2022-02-09 14:15:07

CVE-2021-43859

2022-02-01 12:15:08

github

DoS vulnerability in bundled XStream library in Jenkins Core

2022-02-10 00:00:30

Denial of Service by injecting highly recursive collections or maps in XStream

2022-02-01 00:48:15

veracode

Denial Of Service (DoS)

2022-02-11 12:56:51

Denial Of Service (DoS)

2022-02-03 05:50:21

osv

DoS vulnerability in bundled XStream library in Jenkins Core

2022-02-10 00:00:30

BIT-jenkins-2022-0538

2024-03-06 10:58:37

libxstream-java - security update

2022-02-15 00:00:00

openvas

Jenkins < 2.319.3, < 2.334 DoS Vulnerability - Windows

2022-02-10 00:00:00

Jenkins < 2.319.3, < 2.334 DoS Vulnerability - Linux

2022-02-10 00:00:00

openSUSE: Security Advisory for xstream (openSUSE-SU-2022:0817-1)

2022-03-23 00:00:00

freebsd

jenkins -- DoS vulnerability in bundled XStream library

2022-02-09 00:00:00

ibm

Security Bulletin: Due to the use of XStream, IBM Tivoli Netcool Configuration Manager is vulnerable to denial of service (CVE-2021-43859)

2023-01-17 16:19:21

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in XStream

2022-03-30 15:22:38

Security Bulletin: IBM Sterling B2B Integrator vulnerable to denial of service due to XStream (CVE-2021-43859)

2022-10-17 13:22:21

suse

Security update for xstream (moderate)

2022-03-14 00:00:00

fedora

[SECURITY] Fedora 34 Update: xstream-1.4.19-1.fc34

2022-02-12 01:16:35

[SECURITY] Fedora 35 Update: xstream-1.4.19-1.fc35

2022-02-12 01:20:20

ubuntucve

CVE-2021-43859

2022-02-01 00:00:00

debiancve

CVE-2021-43859

2022-02-01 12:15:08

debian

[SECURITY] [DLA 2924-1] libxstream-java security update

2022-02-15 21:37:16

redhat

(RHSA-2022:5606) Moderate: Red Hat Integration Camel Extensions for Quarkus 2.7 security update

2022-07-19 13:36:43

(RHSA-2022:1420) Important: OpenShift Container Platform 3.11.685 security and bug fix update

2022-04-27 07:30:47

(RHSA-2022:5532) Important: Red Hat Fuse 7.11.0 release and security update

2022-07-07 14:16:35

oracle

Oracle Critical Patch Update Advisory - July 2022

2022-07-19 00:00:00

Oracle Critical Patch Update Advisory - October 2022

2022-10-18 00:00:00

Oracle Critical Patch Update Advisory - July 2023

2023-07-18 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

AI Score

6.5

Confidence

Low

EPSS

0.015

Percentile

87.1%

JSON

Related for OSV:CVE-2022-0538