Test ID: | 1.3.6.1.4.1.25623.1.0.148712 |
Category: | Web application abuses |
Title: | Jenkins HTTP/2 DoS Vulnerability (CVE-2022-2048) - Linux |
Summary: | Jenkins is prone to an HTTP/2 denial of service (DoS) vulnerability in Jetty. |
Description: |
Summary: Jenkins is prone to an HTTP/2 denial of service (DoS) vulnerability in Jetty.

Vulnerability Insight: Jenkins bundles Winstone-Jetty, a wrapper around Jetty, to act as HTTP and servlet server when started using java -jar jenkins.war. This is how Jenkins is run when using any of the installers or packages, but not when run using servlet containers such as Tomcat. Jenkins bundles versions of Jetty affected by the security vulnerability CVE-2022-2048. This vulnerability allows unauthenticated attackers to make the Jenkins UI unresponsive by exploiting Jetty's handling of invalid HTTP/2 requests, causing a denial of service.

Affected Software/OS: Jenkins version 2.346.3 (LTS) and prior and 2.362 and prior.

Solution: Update to version 2.361.1 (LTS), 2.363 or later.

CVSS Score: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2022-2048
https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j
Debian Security Information: DSA-5198
https://www.debian.org/security/2022/dsa-5198
https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html
http://www.openwall.com/lists/oss-security/2022/09/09/2 |
Copyright | Copyright (C) 2022 Greenbone Networks GmbH |