VulnerableCode Package Details - pkg:maven/org.jenkins-ci.main/jenkins-core@2.46.2

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-syz5-rzv5-ukhb	Cross-Site Request Forgery (CSRF) Jenkins is vulnerable to an issue in the Jenkins user database authentication realm.	CVE-2017-1000356 GHSA-85wq-pqhp-hmq6
VCID-yq9y-tdnu-2uc3	Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an XStream: Java crash when trying to instantiate void/Void.	CVE-2017-1000355 GHSA-4466-8jm4-448p
VCID-ytyb-zk5y-6ub2	Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to a login command which allowed impersonating any Jenkins user. The `login` command available in the remoting-based CLI stored the encrypted user name of the successfully authenticated user in a cache file used to authenticate further commands. Users with sufficient permission to create secrets in Jenkins, and download their encrypted values (e.g. with Job/Configure permission), were able to impersonate any other Jenkins user on the same instance.	CVE-2017-1000354 GHSA-r57f-7xw3-q2r9
VCID-z5ns-74uq-4uef	Deserialization of Untrusted Data in Jenkins An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java `SignedObject` object to the Jenkins CLI, that would be deserialized using a new `ObjectInputStream`, bypassing the existing denylist-based protection mechanism.	CVE-2017-1000353 GHSA-26wc-3wqp-g3rp

Vulnerability

Summary

Aliases

VCID-syz5-rzv5-ukhb

Cross-Site Request Forgery (CSRF) Jenkins is vulnerable to an issue in the Jenkins user database authentication realm.

CVE-2017-1000356
GHSA-85wq-pqhp-hmq6

VCID-yq9y-tdnu-2uc3

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an XStream: Java crash when trying to instantiate void/Void.

CVE-2017-1000355
GHSA-4466-8jm4-448p

VCID-ytyb-zk5y-6ub2

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to a login command which allowed impersonating any Jenkins user. The `login` command available in the remoting-based CLI stored the encrypted user name of the successfully authenticated user in a cache file used to authenticate further commands. Users with sufficient permission to create secrets in Jenkins, and download their encrypted values (e.g. with Job/Configure permission), were able to impersonate any other Jenkins user on the same instance.

CVE-2017-1000354
GHSA-r57f-7xw3-q2r9

VCID-z5ns-74uq-4uef

Deserialization of Untrusted Data in Jenkins An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java `SignedObject` object to the Jenkins CLI, that would be deserialized using a new `ObjectInputStream`, bypassing the existing denylist-based protection mechanism.

CVE-2017-1000353
GHSA-26wc-3wqp-g3rp

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-29T20:28:50.116244+00:00	GitLab Importer	Fixing	VCID-z5ns-74uq-4uef	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.main/jenkins-core/CVE-2017-1000353.yml	38.5.0
2026-04-16T21:49:06.007709+00:00	GitLab Importer	Fixing	VCID-z5ns-74uq-4uef	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.main/jenkins-core/CVE-2017-1000353.yml	38.4.0
2026-04-11T23:05:06.090756+00:00	GitLab Importer	Fixing	VCID-z5ns-74uq-4uef	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.main/jenkins-core/CVE-2017-1000353.yml	38.3.0
2026-04-04T14:30:58.167399+00:00	GHSA Importer	Fixing	VCID-syz5-rzv5-ukhb	https://github.com/advisories/GHSA-85wq-pqhp-hmq6	38.1.0
2026-04-04T14:30:58.136238+00:00	GHSA Importer	Fixing	VCID-yq9y-tdnu-2uc3	https://github.com/advisories/GHSA-4466-8jm4-448p	38.1.0
2026-04-04T14:30:58.055389+00:00	GHSA Importer	Fixing	VCID-ytyb-zk5y-6ub2	https://github.com/advisories/GHSA-r57f-7xw3-q2r9	38.1.0
2026-04-02T23:13:22.607438+00:00	GitLab Importer	Fixing	VCID-z5ns-74uq-4uef	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.main/jenkins-core/CVE-2017-1000353.yml	38.1.0
2026-04-01T16:00:48.277770+00:00	GHSA Importer	Fixing	VCID-z5ns-74uq-4uef	https://github.com/advisories/GHSA-26wc-3wqp-g3rp	38.0.0
2026-04-01T13:12:04.050315+00:00	GithubOSV Importer	Fixing	VCID-ytyb-zk5y-6ub2	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-r57f-7xw3-q2r9/GHSA-r57f-7xw3-q2r9.json	38.0.0
2026-04-01T13:11:32.473841+00:00	GithubOSV Importer	Fixing	VCID-z5ns-74uq-4uef	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-26wc-3wqp-g3rp/GHSA-26wc-3wqp-g3rp.json	38.0.0
2026-04-01T13:09:24.022680+00:00	GithubOSV Importer	Fixing	VCID-syz5-rzv5-ukhb	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-85wq-pqhp-hmq6/GHSA-85wq-pqhp-hmq6.json	38.0.0
2026-04-01T13:08:33.904165+00:00	GithubOSV Importer	Fixing	VCID-yq9y-tdnu-2uc3	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-4466-8jm4-448p/GHSA-4466-8jm4-448p.json	38.0.0
2026-04-01T12:50:19.186308+00:00	GitLab Importer	Fixing	VCID-z5ns-74uq-4uef	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.main/jenkins-core/CVE-2017-1000353.yml	38.0.0