Jenkins 2.178

CPE Details

Jenkins 2.178
jenkins
jenkins
2.178
2019-07-08
14h42 +00:00
2019-07-08
14h42 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:jenkins:jenkins:2.178:*:*:*:*:*:*:*

Informations

Vendor

jenkins

Product

jenkins

Version

2.178

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-2048 2022-07-07 18h35 +00:00 In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests.
7.5
High
CVE-2021-28165 2021-04-01 12h20 +00:00 In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.
7.5
High
CVE-2019-10384 2019-08-28 13h30 +00:00 Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed users to obtain CSRF tokens without an associated web session ID, resulting in CSRF tokens that did not expire and could be used to bypass CSRF protection for the anonymous user.
8.8
High
CVE-2019-10383 2019-08-28 13h30 +00:00 A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed attackers with Overall/Administer permission to configure the update site URL to inject arbitrary HTML and JavaScript in update center web pages.
4.8
Medium