Описание
An information exposure and denial of service vulnerability exists in Jenkins Token Macro Plugin 2.5 and earlier in src/main/java/org/jenkinsci/plugins/tokenmacro/Parser.java, src/main/java/org/jenkinsci/plugins/tokenmacro/TokenMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/AbstractChangesSinceMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/ChangesSinceLastBuildMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/ProjectUrlMacro.java that allows attackers with the ability to control token macro input (such as SCM changelogs) to define recursive input that results in unexpected macro evaluation.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 3.10 | jenkins-plugin-token-macro | Will not fix | ||
| Red Hat OpenShift Container Platform 3.6 | jenkins-plugin-token-macro | Will not fix | ||
| Red Hat OpenShift Container Platform 3.7 | jenkins-plugin-token-macro | Will not fix | ||
| Red Hat OpenShift Container Platform 3.9 | jenkins-plugin-token-macro | Will not fix | ||
| Red Hat OpenShift Container Platform 4 | jenkins-2-plugins | Affected | ||
| Red Hat OpenShift Container Platform 3.11 | atomic-enterprise-service-catalog | Fixed | RHBA-2019:0326 | 20.02.2019 |
| Red Hat OpenShift Container Platform 3.11 | atomic-openshift | Fixed | RHBA-2019:0326 | 20.02.2019 |
| Red Hat OpenShift Container Platform 3.11 | atomic-openshift-cluster-autoscaler | Fixed | RHBA-2019:0326 | 20.02.2019 |
| Red Hat OpenShift Container Platform 3.11 | atomic-openshift-descheduler | Fixed | RHBA-2019:0326 | 20.02.2019 |
| Red Hat OpenShift Container Platform 3.11 | atomic-openshift-dockerregistry | Fixed | RHBA-2019:0326 | 20.02.2019 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.1 High
CVSS3
Связанные уязвимости
An information exposure and denial of service vulnerability exists in Jenkins Token Macro Plugin 2.5 and earlier in src/main/java/org/jenkinsci/plugins/tokenmacro/Parser.java, src/main/java/org/jenkinsci/plugins/tokenmacro/TokenMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/AbstractChangesSinceMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/ChangesSinceLastBuildMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/ProjectUrlMacro.java that allows attackers with the ability to control token macro input (such as SCM changelogs) to define recursive input that results in unexpected macro evaluation.
Jenkins Token Macro Plugin's recursive token expansion results in information disclosure and DoS
EPSS
7.1 High
CVSS3