Lucene search
GoogleOSV:GHSA-28P3-MCHR-9FRJHistoryMay 14, 2022 - 1:04 a.m.
Deserialization of Untrusted Data in Jenkins
2022-05-1401:04:56
Google
osv.dev
12
jenkins
vulnerability
xstream2.java
deserialization
java.net.url
domain name
security
EPSS
0.001
Percentile
31.3%
A vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in XStream2.java that allows attackers to have Jenkins resolve a domain name when deserializing an instance of java.net.URL.
Related
osv
osv
CVE-2018-1999042
2018-08-23 18:29:00
ubuntucve
ubuntucve
CVE-2018-1999042
2018-08-23 00:00:00
github
github
Deserialization of Untrusted Data in Jenkins
2022-05-14 01:04:56
prion
prion
Design/Logic Flaw
2018-08-23 18:29:00
nvd
nvd
CVE-2018-1999042
2018-08-23 18:29:00
cvelist
cvelist
CVE-2018-1999042
2022-10-03 16:22:22
redhatcve
redhatcve
CVE-2018-1999042
2018-08-23 04:50:52
cve
cve
CVE-2018-1999042
2022-10-03 16:22:22
openvas
openvas
Jenkins < 2.138 and < 2.121.3 LTS Multiple Vulnerabilities - Linux
2018-08-27 00:00:00
Jenkins < 2.138 and < 2.121.3 LTS Multiple Vulnerabilities - Windows
2018-08-27 00:00:00
nessus
nessus
Jenkins < 2.121.3 / 2.138 Multiple Vulnerabilities
2018-09-06 00:00:00