CVE-2019-1003011

HIGH

8.1

Descripcion

An information exposure and denial of service vulnerability exists in Jenkins Token Macro Plugin 2.5 and earlier in src/main/java/org/jenkinsci/plugins/tokenmacro/Parser.java, src/main/java/org/jenkinsci/plugins/tokenmacro/TokenMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/AbstractChangesSinceMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/ChangesSinceLastBuildMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/ProjectUrlMacro.java that allows attackers with the ability to control token macro input (such as SCM changelogs) to define recursive input that results in unexpected macro evaluation.

Detalles CVE

Puntuacion CVSS v3.18.1

SeveridadHIGH

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosLOW

Interaccion usuarioNONE

Publicado2/6/2019

Ultima modificacion11/21/2024

Fuentenvd

Avistamientos honeypot0

Productos afectados

jenkins:token_macroredhat:openshift_container_platform

Debilidades (CWE)

CWE-674

Referencias

https://access.redhat.com/errata/RHBA-2019:0326(jenkinsci-cert@googlegroups.com)

https://access.redhat.com/errata/RHBA-2019:0327(jenkinsci-cert@googlegroups.com)

https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1102(jenkinsci-cert@googlegroups.com)

https://access.redhat.com/errata/RHBA-2019:0326(af854a3a-2127-422b-91ae-364da2661108)

https://access.redhat.com/errata/RHBA-2019:0327(af854a3a-2127-422b-91ae-364da2661108)

https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1102(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.