Jenkins has CRLF Injection Vulnerability in the CLI

GHSA-8p3c-m625-wh83 · CVE-2016-0789

Published May 14, 2022 · Modified Mar 13, 2025

Description

CRLF injection vulnerability in the CLI command documentation in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2016-0789
WEB https://github.com/jenkinsci/jenkins/commit/f5c51fbad2b62b81dc1e0402aeee058a4a478046
WEB https://access.redhat.com/errata/RHSA-2016:0711
PACKAGE https://github.com/jenkinsci/jenkins
WEB https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24
WEB http://rhn.redhat.com/errata/RHSA-2016-1773.html

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes