Hash collision attack vulnerability in Jenkins before 1.447, Jenkins LTS before 1.424.2, and Jenkins Enterprise by CloudBees 1.424.x before 1.424.2.1 and 1.400.x before 1.400.0.11 could allow remote attackers to cause a considerable CPU load, aka “the Hash DoS attack.”
[
{
"product": "Jenkins",
"vendor": "Jenkins project",
"versions": [
{
"status": "affected",
"version": "before 1.447"
}
]
},
{
"product": "Jenkins LTS",
"vendor": "Jenkins project",
"versions": [
{
"status": "affected",
"version": "before 1.424.2"
}
]
},
{
"product": "Jenkins Enterprise by CloudBees",
"vendor": "Jenkins project",
"versions": [
{
"status": "affected",
"version": "1.424.x before 1.424.2.1"
},
{
"status": "affected",
"version": "1.400.x before 1.400.0.11"
}
]
}
]