CVE-2016-0789: Jenkins has CRLF Injection Vulnerability in the CLI

May 14, 2022 (updated March 13, 2025)

CRLF injection vulnerability in the CLI command documentation in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

References

access.redhat.com/errata/RHSA-2016:0711
github.com/advisories/GHSA-8p3c-m625-wh83
github.com/jenkinsci/jenkins
github.com/jenkinsci/jenkins/commit/f5c51fbad2b62b81dc1e0402aeee058a4a478046
nvd.nist.gov/vuln/detail/CVE-2016-0789
wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24

Detect and mitigate CVE-2016-0789 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →