CVE-2022-0538

Summary

Jenkins 2.333 and earlier, LTS 2.319.2 and earlier defines custom XStream converters that have not been updated to apply the protections for the vulnerability CVE-2021-43859 and allow unconstrained resource usage.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkinsunspecified <= 2.333affected
Jenkins projectJenkinsunspecified <= LTS 2.319.2affected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References