Jenkins allows Data Insertion and Execution of Code by those with Read and HTTP Access

GHSA-wr6p-j63r-xqhv · CVE-2012-4438

Published Apr 23, 2022 · Modified Mar 12, 2025

Description

Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers with read access and HTTP access to Jenkins master to insert data and execute arbitrary code.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2012-4438
WEB https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4438
PACKAGE https://github.com/jenkinsci/jenkins
WEB https://security-tracker.debian.org/tracker/CVE-2012-4438
WEB https://www.cloudbees.com/jenkins-security-advisory-2012-09-17
WEB http://www.openwall.com/lists/oss-security/2012/09/21/2

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes