Cloudbees · Jenkins · CVE-2018-1000864
Name of the Vulnerable Software and Affected Versions:
Jenkins versions 2.153 and earlier
Jenkins LTS versions 2.138.3 and earlier
Description:
A denial of service issue exists that allows attackers with Overall/Read permission to cause a request handling thread to enter an infinite loop, potentially due to an issue in `CronTab.java`.
Recommendations:
For Jenkins versions 2.153 and earlier, update to a version later than 2.153 to resolve the issue.
For Jenkins LTS versions 2.138.3 and earlier, update to a version later than 2.138.3 to resolve the issue.