
CVE-2019-1003011

2019-02-06 16:00:00
jenkins
www.cve.org

AI Score: 7.8 High (Confidence: High)

EPSS: 0.002 Low (Percentile: 64.7%)

An information exposure and denial of service vulnerability exists in Jenkins Token Macro Plugin 2.5 and earlier in src/main/java/org/jenkinsci/plugins/tokenmacro/Parser.java, src/main/java/org/jenkinsci/plugins/tokenmacro/TokenMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/AbstractChangesSinceMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/ChangesSinceLastBuildMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/ProjectUrlMacro.java that allows attackers with the ability to control token macro input (such as SCM changelogs) to define recursive input that results in unexpected macro evaluation.

CNA Affected

[
  {
    "product": "Jenkins Token Macro Plugin",
    "vendor": "Jenkins project",
    "versions": [
      {
        "status": "affected",
        "version": "2.5 and earlier"
      }
    ]
  }
]
