CVE-2012-0785: Uncontrolled Resource Consumption in Jenkins

Severity: 7.5 HIGH (NVD)
EPSS: 1.9% (top 16.88%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 24 | Latest update Apr 23

Description

Hash collision attack vulnerability in Jenkins before 1.447, Jenkins LTS before 1.424.2, and Jenkins Enterprise by CloudBees 1.424.x before 1.424.2.1 and 1.400.x before 1.400.0.11 could allow remote attackers to cause a considerable CPU load, aka "the Hash DoS attack."

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (5 packages)

CVEListV5 | jenkins_project/jenkins_enterprise_by_cloudbees | 1.400.x before 1.400.0.11, 1.424.x before 1.424.2.1 +1
NVD | cloudbees/jenkins | 1.400.0 1.400.0.11 +1
NVD | jenkins/jenkins | < 1.424.2 +1
CVEListV5 | jenkins_project/jenkins | before 1.447
CVEListV5 | jenkins_project/jenkins_lts | before 1.424.2

🔴 Vulnerability Details (3)

GHSA | Hash collision attack vulnerability in Jenkins | 2022-04-23
OSV | Hash collision attack vulnerability in Jenkins | 2022-04-23
CVEList | CVE-2012-0785: Hash collision attack vulnerability in Jenkins before 1 | 2020-02-24

💬 Community (1)

Bugzilla | CVE-2012-0785 jenkins: hash collision allow remote attackers to cause a considerable CPU load resulting in Hash DoS | 2020-03-05