What is the severity of CVE-2022-0538?

The severity of CVE-2022-0538 is high with a CVSS score of 7.5.

How does CVE-2022-0538 impact Jenkins?

CVE-2022-0538 can allow unconstrained resource usage and affects Jenkins versions 2.333 and earlier, as well as LTS 2.319.2 and earlier.

Which software versions are affected by CVE-2022-0538?

CVE-2022-0538 affects Jenkins versions 2.333 and earlier, as well as LTS 2.319.2 and earlier.

Are there any fixes available for CVE-2022-0538?

Yes, the fix for CVE-2022-0538 is not yet available. It is recommended to closely monitor the Jenkins security advisory for updates.

Where can I find more information about CVE-2022-0538?

You can find more information about CVE-2022-0538 in the Jenkins security advisory: https://www.jenkins.io/security/advisory/2022-02-09/#SECURITY-2602

Vulnerability/
CVE-2022-0538

high

7.5

CWE

502 693

9/2/2022

10/2/2022

22/12/2023

CVE-2022-0538

First published: Wed Feb 09 2022(Updated: )

Jenkins 2.333 and earlier, LTS 2.319.2 and earlier defines custom XStream converters that have not been updated to apply the protections for the vulnerability CVE-2021-43859 and allow unconstrained resource usage.

Credit: jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com

Affected Software	Affected Version	How to fix
Jenkins Jenkins	<2.319.3
Jenkins Jenkins	<2.334
maven/org.jenkins-ci.main:jenkins-core	<2.319.3	2.319.3
maven/org.jenkins-ci.main:jenkins-core	>=2.320<2.334	2.334

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2022-0538?
The severity of CVE-2022-0538 is high with a CVSS score of 7.5.
How does CVE-2022-0538 impact Jenkins?
CVE-2022-0538 can allow unconstrained resource usage and affects Jenkins versions 2.333 and earlier, as well as LTS 2.319.2 and earlier.
Which software versions are affected by CVE-2022-0538?
CVE-2022-0538 affects Jenkins versions 2.333 and earlier, as well as LTS 2.319.2 and earlier.
Are there any fixes available for CVE-2022-0538?
Yes, the fix for CVE-2022-0538 is not yet available. It is recommended to closely monitor the Jenkins security advisory for updates.
Where can I find more information about CVE-2022-0538?
You can find more information about CVE-2022-0538 in the Jenkins security advisory: https://www.jenkins.io/security/advisory/2022-02-09/#SECURITY-2602

collector/nvd-index
collector/nvd-api
collector/github-advisory-latest
alias/GHSA-34wx-x2w9-vqm3
alias/CVE-2022-0538
collector/nvd-cve
collector/github-advisory
agent/references
agent/severity
agent/weakness
agent/author
agent/type
agent/tags
agent/event
agent/description
agent/last-modified-date
agent/softwarecombine
vendor/jenkins
canonical/jenkins jenkins
package-manager/maven

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.