PT-2018-9586 · Cloudbees+1 · Jenkins

Denis Shvedchenko

Published

2018-12-10

Updated

2022-05-13

CVE-2018-1000864

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.153 and earlier Jenkins LTS versions 2.138.3 and earlier

Description: A denial of service issue exists that allows attackers with Overall/Read permission to cause a request handling thread to enter an infinite loop, potentially due to an issue in CronTab.java.

Recommendations: For Jenkins versions 2.153 and earlier, update to a version later than 2.153 to resolve the issue. For Jenkins LTS versions 2.138.3 and earlier, update to a version later than 2.138.3 to resolve the issue.

Fix

DoS

Infinite Loop

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-835

Related Identifiers

CVE-2018-1000864

GHSA-9CJV-93G7-C6MV

Affected Products

Jenkins

PT-2018-9586 · Cloudbees+1 · Jenkins

CVE-2018-1000864

Weakness Enumeration

Related Identifiers

Affected Products

References · 8