Jenkins 2.442 through 2.554 (both inclusive), LTS 2.426.3 through LTS 2.541.2 (both inclusive) performs origin validation of requests made through the CLI WebSocket endpoint by computing the expected origin for comparison using the Host or X-Forwarded-Host HTTP request headers, making it vulnerable to DNS rebinding attacks that allow bypassing origin validation.
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HJenkins
APPJenkins2.426.3 – 2.541.3 (bez)2.442 – 2.555 (bez)
Related vulnerabilities
Jenkins CLI – odczyt dowolnych plików przez path traversal bez uwierzytelnienia
A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.13...
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remot...
Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.375.3 (both inclusive) does not escape the...
Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create parent ...