Security Advisories

CGA-hvcm-wgg5-m9qh

Published

Last updated

https://images.chainguard.dev/security/CGA-hvcm-wgg5-m9qh
Package

jenkins-2.440

Latest Update
Fixed
Fixed Version

2.440.3-r0

Aliases
  • CVE-2024-22259
  • GHSA-hgjh-9rj2-g67j

Severity

8.1

High

CVSS V3

Summary

Spring Framework URL Parsing with Host Validation Vulnerability

Description

Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF attack if the URL is used after passing validation checks.

This is the same as CVE-2024-22243 (https://spring.io/security/cve-2024-22243), but with different input.

References

Updates


© 2024 Chainguard. All Rights Reserved.