BIT-jenkins-2025-59476

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/jenkins/BIT-jenkins-2025-59476.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-jenkins-2025-59476

Aliases

Published

2025-09-19T09:57:11.182Z

Modified

2025-11-06T13:25:46.476Z

Summary

[none]

Details

Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not restrict or transform the characters that can be inserted from user-specified content in log messages, allowing attackers able to control log message contents to insert line break characters, followed by forged log messages that may mislead administrators reviewing log output.

Database specific

{
    "severity": "Medium",
    "cpes": [
        "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:maven:*:*"
    ]
}

References

Affected packages

Bitnami / jenkins

Package

Name: jenkins
Purl: pkg:bitnami/jenkins

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.516.3

Introduced

2.517.0

Fixed

2.528.0

Database specific

source

"https://github.com/bitnami/vulndb/tree/main/data/jenkins/BIT-jenkins-2025-59476.json"