High severityNVD Advisory· Published Nov 18, 2019· Updated Aug 6, 2024

CVE-2012-4438

Description

Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers with read access and HTTP access to Jenkins master to insert data and execute arbitrary code.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
org.jenkins-ci.main:jenkins-coreMaven	< 1.466.2	1.466.2
org.jenkins-ci.main:jenkins-coreMaven	>= 1.467, < 1.482	1.482

Affected products

ghsa-coords
pkg:maven/org.jenkins-ci.main/jenkins-core
Range: < 1.466.2
Jenkins Project/Jenkinsv5
Range: 1.447.2

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-wr6p-j63r-xqhvghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2012-4438ghsaADVISORY
www.openwall.com/lists/oss-security/2012/09/21/2ghsax_refsource_MISCWEB
bugzilla.redhat.com/show_bug.cgighsax_refsource_CONFIRMWEB
security-tracker.debian.org/tracker/CVE-2012-4438ghsax_refsource_MISCWEB
www.cloudbees.com/jenkins-security-advisory-2012-09-17ghsax_refsource_MISCWEB

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000