CVE-2021-21607

Опубликовано: 13 янв. 2021

Источник: redhat

CVSS3: 6.5

EPSS Низкий

Описание

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not limit sizes provided as query parameters to graph-rendering URLs, allowing attackers to request crafted URLs that use all available memory in Jenkins, potentially leading to out of memory errors.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Fuse 7	jenkins	Not affected
Red Hat OpenShift Container Platform 3.11	jenkins	Fixed	RHSA-2021:0637	03.03.2021
Red Hat OpenShift Container Platform 4.5	conmon	Fixed	RHSA-2021:0429	03.03.2021
Red Hat OpenShift Container Platform 4.5	jenkins	Fixed	RHSA-2021:0429	03.03.2021
Red Hat OpenShift Container Platform 4.5	machine-config-daemon	Fixed	RHSA-2021:0429	03.03.2021
Red Hat OpenShift Container Platform 4.5	openshift	Fixed	RHSA-2021:0429	03.03.2021
Red Hat OpenShift Container Platform 4.5	openshift-ansible	Fixed	RHSA-2021:0429	03.03.2021
Red Hat OpenShift Container Platform 4.5	openshift-clients	Fixed	RHSA-2021:0429	03.03.2021
Red Hat OpenShift Container Platform 4.5	runc	Fixed	RHSA-2021:0429	03.03.2021
Red Hat OpenShift Container Platform 4.6	jenkins	Fixed	RHSA-2021:0423	17.02.2021

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-770

https://bugzilla.redhat.com/show_bug.cgi?id=1925156jenkins: Excessive memory allocation in graph URLs leads to denial of service

EPSS

Процентиль: 56%

0.00332

Низкий

6.5 Medium

CVSS3

Связанные уязвимости

CVE-2021-21607

CVSS3: 6.5

nvd

около 5 лет назад

CVE-2021-21607

CVSS3: 6.5

debian

около 5 лет назад

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not limit size ...

GHSA-cxqw-vjcr-gp5g

CVSS3: 6.5

github

больше 3 лет назад

Excessive memory allocation in graph URLs leads to denial of service in Jenkins

EPSS

Процентиль: 56%

0.00332

Низкий

6.5 Medium

CVSS3