Security Advisories

CGA-q3hr-q8wm-wcrp

Published

Last updated

https://images.chainguard.dev/security/CGA-q3hr-q8wm-wcrp
Package

jenkins

Latest Update
Fixed
Fixed Version

2.450-r0

Aliases
  • CVE-2024-22259
  • GHSA-hgjh-9rj2-g67j

Severity

8.1

High

CVSS V3

Summary

Spring Framework URL Parsing with Host Validation Vulnerability

Description

Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF attack if the URL is used after passing validation checks.

This is the same as CVE-2024-22243 (https://spring.io/security/cve-2024-22243), but with different input.

References

Updates


© 2024 Chainguard. All Rights Reserved.