Описание
A user-supplied regular expression in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier was processed in a way that wasn't interruptible, allowing attackers to have Jenkins evaluate a regular expression without the ability to interrupt this process.
Ссылки
- Mailing ListThird Party Advisory
- Vendor Advisory
- Mailing ListThird Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.24.1 (включая)
cpe:2.3:a:jenkins:build_failure_analyzer:*:*:*:*:*:jenkins:*:*
EPSS
Процентиль: 32%
0.00125
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-400
Связанные уязвимости
CVSS3: 6.5
github
больше 3 лет назад
Inefficient Regular Expression Complexity in Jenkins Build Failure Analyzer Plugin
EPSS
Процентиль: 32%
0.00125
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-400