CVE-2012-4438
Jenkins allows Data Insertion and Execution of Code by those with Read and HTTP Access
CVSS 3.1: 8.8 (HIGH)
EPSS: 1.1%
Description
Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers with read access and HTTP access to Jenkins master to insert data and execute arbitrary code.
How to fix CVE-2012-4438
To remediate CVE-2012-4438, upgrade the affected package to a fixed version below.
- Maven/org.jenkins-ci.main:jenkins-core (upgrade to 1.466.2 or later)
Is CVE-2012-4438 being exploited?
Low — EPSS is 1.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Maven/org.jenkins-ci.main:jenkins-core: from 0, < 1.466.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |