

Rewterz Threat Advisory – CVE-2022-45395 – Jenkins CCCC Plugin Vulnerability
November 17, 2022
Rewterz Threat Advisory – CVE-2022-45397 – Jenkins OSF Builder Suite :: XML Linter Plugin Vulnerability
November 17, 2022
Severity
Medium
Analysis Summary
CVE-2022-45396
Node.js is vulnerable to HTTP request smuggling because the llhttp parser in the http module does not correctly handle header fields that are not terminated with CRLF. A remote attacker could send a specially crafted request to cause HTTP Request Smuggling (HRS). An attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks.
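The check below is an added example, not code from this advisory or from the Node.js project. It shows how a defender could flag header lines that are not terminated with CRLF in a captured raw request, for instance in a proxy test harness or during log triage. The function name `findBadLineEndings` is hypothetical and the sample requests are constructed.

```javascript
'use strict';

const CR = 0x0d;
const LF = 0x0a;

// Scan the header section of a raw HTTP/1.1 request and report every line
// that is not terminated by the exact two-byte sequence CR LF.
// Scanning stops at the first empty line, so body bytes are never inspected.
function findBadLineEndings(raw) {
  const buf = Buffer.isBuffer(raw) ? raw : Buffer.from(raw, 'latin1');
  const findings = [];
  let start = 0;
  let lineNo = 1;
  for (let i = 0; i < buf.length; i++) {
    const b = buf[i];
    if (b !== CR && b !== LF) continue;
    const crlf = b === CR && buf[i + 1] === LF;
    const text = buf.toString('latin1', start, i);
    if (!crlf) {
      // A lone LF or lone CR is where parsers in a request chain can disagree.
      findings.push({ line: lineNo, kind: b === LF ? 'bare LF' : 'bare CR', text });
    }
    if (crlf) i++;          // consume the LF of a well-formed CRLF
    if (text === '') break; // empty line: end of the header section
    start = i + 1;
    lineNo++;
  }
  return findings;
}

// Constructed sample requests (not taken from real traffic).
const GOOD = 'GET / HTTP/1.1\r\nHost: example.test\r\nX-Trace: 1\r\n\r\n';
const BARE_LF = 'GET / HTTP/1.1\r\nHost: example.test\r\nX-Trace: 1\nX-Other: 2\r\n\r\n';
const BARE_CR = 'GET / HTTP/1.1\r\nX-Trace: a\rb\r\n\r\n';
const BODY_LF = 'POST / HTTP/1.1\r\nHost: example.test\r\n\r\nline1\nline2';

for (const [name, req] of Object.entries({ GOOD, BARE_LF, BARE_CR, BODY_LF })) {
  console.log(name, JSON.stringify(findBadLineEndings(req)));
}
```

A request with any finding is best rejected or normalised at the first hop, so that every component behind it sees the same header boundaries.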
Impact
Gain Access
Indicators Of Compromise
CVE
- CVE-2022-45396
Affected Vendors
Jenkins
Affected Products
- Jenkins SourceMonitor Plugin 0.2
Remediation
Refer to the Jenkins Security Advisory for patch, upgrade, or suggested workaround information.