vulnerability
Jenkins Advisory 2017-10-11: CVE-2017-1000394: CVE-2016-3092: Jenkins core bundled vulnerable version of the commons-fileupload library
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | Jul 4, 2016 | Jul 12, 2022 | Apr 23, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published
Jul 4, 2016
Added
Jul 12, 2022
Modified
Apr 23, 2025
Description
Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-fileupload library with the denial-of-service vulnerability known as CVE-2016-3092. The fix for that vulnerability has been backported to the version of the library bundled with Jenkins.
Solution(s)
jenkins-lts-upgrade-2_73_2jenkins-upgrade-2_84

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.