CVE-2019-1003011

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
06/02/2019
Last modified:
25/10/2023

Description

An information exposure and denial of service vulnerability exists in Jenkins Token Macro Plugin 2.5 and earlier in src/main/java/org/jenkinsci/plugins/tokenmacro/Parser.java, src/main/java/org/jenkinsci/plugins/tokenmacro/TokenMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/AbstractChangesSinceMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/ChangesSinceLastBuildMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/ProjectUrlMacro.java that allows attackers with the ability to control token macro input (such as SCM changelogs) to define recursive input that results in unexpected macro evaluation.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:jenkins:token_macro:*:*:*:*:*:jenkins:*:* 2.5 (including)
cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*