Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-fwqr-3pvp-pjwq

GitHub Security Advisory

Deserialization of Untrusted Data in Jenkins

✓ GitHub Reviewed HIGH Has CVE
View on GitHub

Advisory Details

Jenkins before versions 2.44, 2.32.2 is vulnerable to a remote code execution vulnerability involving the deserialization of various types in javax.imageio in XStream-based APIs (SECURITY-383).

Affected Packages

Maven org.jenkins-ci.main:jenkins-core
Affected versions: 0 (fixed in 2.32.2)
Maven org.jenkins-ci.main:jenkins-core
Affected versions: 2.34 (fixed in 2.44)

Related CVEs

CVE-2017-2608

Key Information

GHSA ID
GHSA-fwqr-3pvp-pjwq
Published
May 13, 2022 1:36 AM
Last Modified
July 1, 2022 5:46 PM
CVSS Score
7.5 /10
Primary Ecosystem
Maven
Primary Package
org.jenkins-ci.main:jenkins-core
GitHub Reviewed
✓ Yes

Dataset

Last updated: July 28, 2025 6:37 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.