Description
Hash collision attack vulnerability in Jenkins before 1.447, Jenkins LTS before 1.424.2, and Jenkins Enterprise by CloudBees 1.424.x before 1.424.2.1 and 1.400.x before 1.400.0.11 could allow remote attackers to cause a considerable CPU load, aka "the Hash DoS attack."
References
- Mailing List, Third Party Advisory
- Broken Link
- Vendor Advisory
- Third Party Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1
- Versions from 1.400.0 (inclusive) up to 1.400.0.11 (exclusive)
- Versions from 1.424.0 (inclusive) up to 1.424.2.1 (exclusive)
- Versions before 1.424.2 (exclusive)
- Versions before 1.447 (exclusive)
One of
cpe:2.3:a:cloudbees:jenkins:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:cloudbees:jenkins:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*
EPSS: 0.01868 (Low), percentile: 83%
CVSS3: 7.5 High
CVSS2: 7.8 High
Weaknesses
CWE-400
Related vulnerabilities
CVSS3: 7.5
ubuntu
almost 6 years ago
Hash collision attack vulnerability in Jenkins before 1.447, Jenkins LTS before 1.424.2, and Jenkins Enterprise by CloudBees 1.424.x before 1.424.2.1 and 1.400.x before 1.400.0.11 could allow remote attackers to cause a considerable CPU load, aka "the Hash DoS attack."
CVSS3: 7.5
debian
almost 6 years ago
Hash collision attack vulnerability in Jenkins before 1.447, Jenkins L ...