CVE-2016-0789 — Improper Input Validation in Jenkins

CWE-20 — Improper Input Validation CWE-113 — HTTP Request/Response Splitting8 documents7 sources

Severity

6.1MEDIUMNVD

EPSS

0.1%

top 64.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Redhat Openshift

Timeline

PublishedApr 7

Latest updateMay 14

Description

CRLF injection vulnerability in the CLI command documentation in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDjenkins/jenkins1.642.1+1

▶NVDredhat/openshift3.1

Patches

Patch: wiki.jenkins-ci.org ↗Patch: wiki.jenkins-ci.org ↗

🔴Vulnerability Details

OSV

Jenkins has CRLF Injection Vulnerability in the CLI↗2022-05-14

▶

GHSA

Jenkins has CRLF Injection Vulnerability in the CLI↗2022-05-14

▶

CVEList

CVE-2016-0789: CRLF injection vulnerability in the CLI command documentation in Jenkins before 1↗2016-04-07

▶

📋Vendor Advisories

Red Hat

jenkins: HTTP response splitting vulnerability (SECURITY-238)↗2016-02-24

▶

Jenkins

Jenkins Security Advisory 2016-02-24↗2016-02-24

▶

💬Community

Bugzilla

CVE-2016-0788 CVE-2016-0789 CVE-2016-0790 CVE-2016-0791 CVE-2016-0792 jenkins: security advisory 2016-02-24 [fedora-all]↗2016-02-25

▶

Bugzilla

CVE-2016-0789 jenkins: HTTP response splitting vulnerability (SECURITY-238)↗2016-02-25

▶