CVE-2018-1999044

Name of the Vulnerable Software and Affected Versions Jenkins versions 2.137 and earlier Jenkins versions 2.121.2 and earlier

Description A denial of service issue exists due to a form validation problem in CronTab.java for cron expressions. This issue can cause a request handling thread to enter an infinite loop when certain rare dates are entered, potentially resulting in a denial of service. Attackers with Overall/Read permission can exploit this issue.

Recommendations For Jenkins versions 2.137 and earlier, update to a version that fixes the Cron expression form validation issue to prevent infinite loops. For Jenkins versions 2.121.2 and earlier, update to a version that fixes the Cron expression form validation issue to prevent infinite loops. As a temporary workaround, consider restricting access to the cron expression form validation to minimize the risk of exploitation.