CVE-2019-1003011Uncontrolled Recursion in Jenkins Token Macro

CWE-674Uncontrolled RecursionCWE-96Static Code Injection7 documents7 sources
Severity
8.1HIGHNVD
EPSS
0.6%
top 31.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Jenkins Token MacroJenkins Project Jenkins Token Macro PluginRedhat Openshift Container Platform
Timeline
PublishedFeb 6
Latest updateMay 13

Description

An information exposure and denial of service vulnerability exists in Jenkins Token Macro Plugin 2.5 and earlier in src/main/java/org/jenkinsci/plugins/tokenmacro/Parser.java, src/main/java/org/jenkinsci/plugins/tokenmacro/TokenMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/AbstractChangesSinceMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/ChangesSinceLastBuildMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/ProjectUrlMacro.java that allows attack

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages2 packages

Also affects: Openshift Container Platform 3.11

🔴Vulnerability Details

3
OSV
Jenkins Token Macro Plugin's recursive token expansion results in information disclosure and DoS2022-05-13
GHSA
Jenkins Token Macro Plugin's recursive token expansion results in information disclosure and DoS2022-05-13
CVEList
CVE-2019-1003011: An information exposure and denial of service vulnerability exists in Jenkins Token Macro Plugin 22019-02-06

📋Vendor Advisories

2
Jenkins
Jenkins Security Advisory 2019-01-282019-01-28
Red Hat
jenkins-plugin-token-macro: Recursive token expansion results in information disclosure and DoS in Token Macro Plugin (SECURITY-1102)2019-01-28

💬Community

1
Bugzilla
CVE-2019-1003011 jenkins-plugin-token-macro: Recursive token expansion results in information disclosure and DoS in Token Macro Plugin (SECURITY-1102)2019-01-29
CVE-2019-1003011 — Uncontrolled Recursion in Jenkins | cvebase