GitHub Advisory DatabaseGHSA-23H9-M55M-C5JPJenkins Token Macro Plugin's recursive token expansion results in information disclosure and DoS
5.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:N/A:P
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
0.002 Low
EPSS
Percentile
64.7%
Jenkins Token Macro Plugin recursively applied token expansion.
This could be used by users able to affect input to token expansion (such as change log messages), to inject additional tokens into the input, which would then be expanded, resulting in information disclosure (for example values of environment variables), or denial of service.
Most tokens have been changed to no longer recursively apply token expansion.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| org.jenkins-ci.plugins:token-macro | le | 2.5 |
References
access.redhat.com/errata/RHBA-2019:0326
access.redhat.com/errata/RHBA-2019:0327
github.com/advisories/GHSA-23h9-m55m-c5jp
github.com/jenkinsci/token-macro-plugin/commit/70163600031ea8d43833e6eea928f8fa2e44f96a
jenkins.io/security/advisory/2019-01-28/#SECURITY-1102
nvd.nist.gov/vuln/detail/CVE-2019-1003011
Related
5.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:N/A:P
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
0.002 Low
EPSS
Percentile
64.7%