Описание
A denial of service vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread enter an infinite loop.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 3.10 | jenkins | Will not fix | ||
| Red Hat OpenShift Container Platform 3.2 | jenkins | Will not fix | ||
| Red Hat OpenShift Container Platform 3.3 | jenkins | Will not fix | ||
| Red Hat OpenShift Container Platform 3.4 | jenkins | Will not fix | ||
| Red Hat OpenShift Container Platform 3.5 | jenkins | Will not fix | ||
| Red Hat OpenShift Container Platform 3.6 | jenkins | Will not fix | ||
| Red Hat OpenShift Container Platform 3.7 | jenkins | Will not fix | ||
| Red Hat OpenShift Container Platform 3.9 | jenkins | Will not fix | ||
| Red Hat OpenShift Container Platform 3.11 | jenkins | Fixed | RHBA-2019:0024 | 10.01.2019 |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1656948jenkins: potential denial of service through cron expression form validation (SECURITY-1193)
EPSS
Процентиль: 44%
0.00216
Низкий
7.5 High
CVSS3
Связанные уязвимости
CVSS3: 6.5
nvd
около 7 лет назад
A denial of service vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread enter an infinite loop.
CVSS3: 6.5
debian
около 7 лет назад
A denial of service vulnerability exists in Jenkins 2.153 and earlier, ...
CVSS3: 6.5
github
больше 3 лет назад
Loop with Unreachable Exit Condition in Jenkins
EPSS
Процентиль: 44%
0.00216
Низкий
7.5 High
CVSS3