CGA-6v4j-fx6x-94x5

Published

Last updated

https://images.chainguard.dev/security/CGA-6v4j-fx6x-94x5

Package

jenkins

Latest Update

Fixed

Fixed Version

2.446-r0

Aliases

CVE-2024-22243
GHSA-ccgv-vj62-xf9h

Severity

8.1

High

CVSS V3

Summary

Spring Web vulnerable to Open Redirect or Server Side Request Forgery

Description

Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect attack or to a SSRF attack if the URL is used after passing validation checks.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-22243
https://github.com/advisories/GHSA-ccgv-vj62-xf9h
https://github.com/spring-projects/spring-framework
https://github.com/spring-projects/spring-framework/blob/main/spring-web/src/main/java/org/springframework/web/util/UriComponentsBuilder.java
https://security.netapp.com/advisory/ntap-20240524-0001
https://spring.io/security/cve-2024-22243

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-6v4j-fx6x-94x5

Severity

Summary

Description

References

Updates

Product

Why Chainguard

Customers

Company

Resources