{
  "threat_severity" : "Moderate",
  "public_date" : "2025-12-10T16:50:35Z",
  "bugzilla" : {
    "description" : "org.jenkins-ci.main/jenkins-core: Jenkins HTTP connection mis-handling",
    "id" : "2420998",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2420998"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.3",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
    "status" : "verified"
  },
  "cwe" : "CWE-459",
  "details" : [ "Jenkins 2.540 and earlier, and LTS 2.528.2 and earlier, do not properly close HTTP-based CLI connections when the connection stream becomes corrupted, allowing unauthenticated attackers to cause a denial of service.", "Jenkins does not properly close HTTP-based CLI connections when the connection stream becomes corrupted, allowing unauthenticated attackers to cause a denial of service." ],
  "affected_release" : [ {
    "product_name" : "OpenShift Developer Tools and Services 4.12",
    "release_date" : "2025-12-17T00:00:00Z",
    "advisory" : "RHSA-2025:23487",
    "cpe" : "cpe:/a:redhat:ocp_tools:4.12::el8",
    "package" : "ocp-tools-4/jenkins-rhel8:sha256:30b043d6c77a18e0f3ff2e30da493588d9c7b6cc91ff887100ef869853e264f3"
  }, {
    "product_name" : "OpenShift Developer Tools and Services 4.13",
    "release_date" : "2025-12-17T00:00:00Z",
    "advisory" : "RHSA-2025:23482",
    "cpe" : "cpe:/a:redhat:ocp_tools:4.13::el8",
    "package" : "ocp-tools-4/jenkins-rhel8:sha256:30b043d6c77a18e0f3ff2e30da493588d9c7b6cc91ff887100ef869853e264f3"
  }, {
    "product_name" : "OpenShift Developer Tools and Services 4.14",
    "release_date" : "2025-12-17T00:00:00Z",
    "advisory" : "RHSA-2025:23485",
    "cpe" : "cpe:/a:redhat:ocp_tools:4.14::el8",
    "package" : "ocp-tools-4/jenkins-rhel8:sha256:27db4f7a070211cfe9a0383cf784a664fcbe3a82605611f9f9d8c99cf93c31aa"
  }, {
    "product_name" : "OpenShift Developer Tools and Services 4.15",
    "release_date" : "2025-12-17T00:00:00Z",
    "advisory" : "RHSA-2025:23486",
    "cpe" : "cpe:/a:redhat:ocp_tools:4.15::el8",
    "package" : "ocp-tools-4/jenkins-rhel8:sha256:27db4f7a070211cfe9a0383cf784a664fcbe3a82605611f9f9d8c99cf93c31aa"
  }, {
    "product_name" : "OpenShift Developer Tools and Services 4.16",
    "release_date" : "2025-12-17T00:00:00Z",
    "advisory" : "RHSA-2025:23490",
    "cpe" : "cpe:/a:redhat:ocp_tools:4.16::el9",
    "package" : "ocp-tools-4/jenkins-rhel9:sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed"
  }, {
    "product_name" : "OpenShift Developer Tools and Services 4.17",
    "release_date" : "2025-12-17T00:00:00Z",
    "advisory" : "RHSA-2025:23489",
    "cpe" : "cpe:/a:redhat:ocp_tools:4.17::el9",
    "package" : "ocp-tools-4/jenkins-rhel9:sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed"
  }, {
    "product_name" : "OpenShift Developer Tools and Services 4.18",
    "release_date" : "2025-12-17T00:00:00Z",
    "advisory" : "RHSA-2025:23492",
    "cpe" : "cpe:/a:redhat:ocp_tools:4.18::el9",
    "package" : "ocp-tools-4/jenkins-rhel9:sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed"
  }, {
    "product_name" : "OpenShift Developer Tools and Services 4.19",
    "release_date" : "2025-12-17T00:00:00Z",
    "advisory" : "RHSA-2025:23488",
    "cpe" : "cpe:/a:redhat:ocp_tools:4.19::el9",
    "package" : "ocp-tools-4/jenkins-rhel9:sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed"
  }, {
    "product_name" : "OpenShift Developer Tools and Services 4.20",
    "release_date" : "2025-12-17T00:00:00Z",
    "advisory" : "RHSA-2025:23491",
    "cpe" : "cpe:/a:redhat:ocp_tools:4.20::el9",
    "package" : "ocp-tools-4/jenkins-rhel9:sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-67635\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-67635\nhttps://www.jenkins.io/security/advisory/2025-12-10/#SECURITY-3630" ],
  "name" : "CVE-2025-67635",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}