CRLF injection vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
2013-02-24T22:55:01.097
2025-04-11T00:51:21.963
Deferred
CVSSv2: 4.3 (MEDIUM)
AV:N/AC:M/Au:N/C:N/I:P/A:N
8.6
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | cloudbees | jenkins | 1.447.1.1 | Yes |
| Application | cloudbees | jenkins | 1.447.2.2 | Yes |
| Application | cloudbees | jenkins | 1.447.3.1 | Yes |
| Application | cloudbees | jenkins | 1.400 | Yes |
| Application | cloudbees | jenkins | 1.424 | Yes |
| Application | cloudbees | jenkins | 1.447 | Yes |
| Application | jenkins | jenkins | ≤ 1.466.2 | Yes |
| Application | jenkins | jenkins | 1.409.1 | Yes |
| Application | jenkins | jenkins | 1.409.2 | Yes |
| Application | jenkins | jenkins | 1.409.3 | Yes |
| Application | jenkins | jenkins | 1.424.1 | Yes |
| Application | jenkins | jenkins | 1.424.2 | Yes |
| Application | jenkins | jenkins | 1.424.3 | Yes |
| Application | jenkins | jenkins | 1.424.4 | Yes |
| Application | jenkins | jenkins | 1.424.5 | Yes |
| Application | jenkins | jenkins | 1.424.6 | Yes |
| Application | jenkins | jenkins | 1.447.1 | Yes |
| Application | jenkins | jenkins | 1.447.2 | Yes |
| Application | jenkins | jenkins | 1.466.1 | Yes |
| Application | cloudbees | jenkins | 1.466.1.2 | Yes |
| Application | cloudbees | jenkins | 1.466.2.1 | Yes |
| Application | cloudbees | jenkins | ≤ 1.480.3.1 | Yes |
| Application | jenkins | jenkins | 1.400 | Yes |
| Application | jenkins | jenkins | 1.401 | Yes |
| Application | jenkins | jenkins | 1.402 | Yes |
| Application | jenkins | jenkins | 1.403 | Yes |
| Application | jenkins | jenkins | 1.404 | Yes |
| Application | jenkins | jenkins | 1.405 | Yes |
| Application | jenkins | jenkins | 1.406 | Yes |
| Application | jenkins | jenkins | 1.407 | Yes |
| Application | jenkins | jenkins | 1.408 | Yes |
| Application | jenkins | jenkins | 1.409 | Yes |
| Application | jenkins | jenkins | 1.410 | Yes |
| Application | jenkins | jenkins | 1.411 | Yes |
| Application | jenkins | jenkins | 1.412 | Yes |
| Application | jenkins | jenkins | 1.413 | Yes |
| Application | jenkins | jenkins | 1.414 | Yes |
| Application | jenkins | jenkins | 1.415 | Yes |
| Application | jenkins | jenkins | 1.416 | Yes |
| Application | jenkins | jenkins | 1.417 | Yes |
| Application | jenkins | jenkins | 1.418 | Yes |
| Application | jenkins | jenkins | 1.419 | Yes |
| Application | jenkins | jenkins | 1.420 | Yes |
| Application | jenkins | jenkins | 1.421 | Yes |
| Application | jenkins | jenkins | 1.422 | Yes |
| Application | jenkins | jenkins | 1.423 | Yes |
| Application | jenkins | jenkins | 1.424 | Yes |
| Application | jenkins | jenkins | 1.425 | Yes |
| Application | jenkins | jenkins | 1.426 | Yes |
| Application | jenkins | jenkins | 1.427 | Yes |
| Application | jenkins | jenkins | 1.428 | Yes |
| Application | jenkins | jenkins | 1.429 | Yes |
| Application | jenkins | jenkins | 1.430 | Yes |
| Application | jenkins | jenkins | 1.431 | Yes |
| Application | jenkins | jenkins | 1.432 | Yes |
| Application | jenkins | jenkins | 1.433 | Yes |
| Application | jenkins | jenkins | 1.434 | Yes |
| Application | jenkins | jenkins | 1.435 | Yes |
| Application | jenkins | jenkins | 1.436 | Yes |
| Application | jenkins | jenkins | 1.437 | Yes |
| Application | cloudbees | jenkins | 1.424.0.2 | Yes |
| Application | cloudbees | jenkins | 1.424.0.4 | Yes |
| Application | cloudbees | jenkins | 1.424.1.1 | Yes |
| Application | cloudbees | jenkins | 1.424.2.1 | Yes |
| Application | cloudbees | jenkins | 1.424.4.1 | Yes |
| Application | cloudbees | jenkins | 1.424.5.1 | Yes |
| Application | cloudbees | jenkins | 1.424.6.1 | Yes |
| Application | cloudbees | jenkins | 1.424.6.11 | Yes |