CVE-2012-4438: Jenkins allows Data Insertion and Execution of Code by those with Read and HTTP Access

April 23, 2022 (updated March 12, 2025)

Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers with read access and HTTP access to Jenkins master to insert data and execute arbitrary code.

References

bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4438
github.com/advisories/GHSA-wr6p-j63r-xqhv
github.com/jenkinsci/jenkins
nvd.nist.gov/vuln/detail/CVE-2012-4438
security-tracker.debian.org/tracker/CVE-2012-4438
www.cloudbees.com/jenkins-security-advisory-2012-09-17

Detect and mitigate CVE-2012-4438 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →