Vulnerability Database
289,599
Total vulnerabilities in the database
CVE-2016-3725
Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permissions check. NOTE: this issue can be combined with DNS cache poisoning to cause a denial of service (service disruption).
| Software | From | Fixed in |
|---|---|---|
| jenkins / jenkins | - | 1.651.1.x |
| jenkins / jenkins | - | 2.2.x |
| redhat / openshift | 3.1 | 3.1.x |
| redhat / openshift | 3.2 | 3.2.x |
org.jenkins-ci.main / jenkins-core
|
- | 2.3 |