Описание
Jenkins Script Security Plugin 1189.vb_a_b_7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the script, making it vulnerable to collision attacks.
Ссылки
- Mailing List
- Vendor Advisory
- Mailing List
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1190.v65867a_a_47126 (исключая)
cpe:2.3:a:jenkins:script_security:*:*:*:*:*:jenkins:*:*
EPSS
Процентиль: 55%
0.00319
Низкий
7.5 High
CVSS3
Дефекты
CWE-326
Связанные уязвимости
CVSS3: 8
redhat
около 3 лет назад
Jenkins Script Security Plugin 1189.vb_a_b_7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the script, making it vulnerable to collision attacks.
CVSS3: 8
github
около 3 лет назад
Whole-script approval in Jenkins Script Security Plugin vulnerable to SHA-1 collisions
EPSS
Процентиль: 55%
0.00319
Низкий
7.5 High
CVSS3
Дефекты
CWE-326