PT-2018-9586 · Cloudbees+1 · Jenkins
Denis Shvedchenko
·
Publicado
2018-12-10
·
Atualizado
2022-05-13
·
CVE-2018-1000864
CVSS v3.1
6.5
Média
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions:
Jenkins versions 2.153 and earlier
Jenkins LTS versions 2.138.3 and earlier
Description:
A denial of service issue exists that allows attackers with Overall/Read permission to cause a request handling thread to enter an infinite loop, potentially due to an issue in
CronTab.java.Recommendations:
For Jenkins versions 2.153 and earlier, update to a version later than 2.153 to resolve the issue.
For Jenkins LTS versions 2.138.3 and earlier, update to a version later than 2.138.3 to resolve the issue.
Correção
DoS
Infinite Loop
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Jenkins