CVE-2019-16555: A user-supplied regular expression in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier was processed in a way that wasn't interruptible, allowing…

medium6.5CVSS 3.1

AVNACLPRLUINSUCNINAH

A user-supplied regular expression in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier was processed in a way that wasn't interruptible, allowing attackers to have Jenkins evaluate a regular expression without the ability to interrupt this process.

Affected

21 ranges

Vendor	Product	Version range	Fixed in
jenkins	alauda_devops_pipeline_plugin	—	—
jenkins	alauda_kubernetes_suport_plugin	—	—
jenkins	build_failure_analyzer	<= 1.24.1	—
jenkins	build_failure_analyzer_plugin	—	—
jenkins	gerrit_trigger_plugin	—	—
jenkins	ids_in_team_concert_plugin	—	—
jenkins	ids_to_allow_users_configuring_the_plugin	—	—
jenkins	jenkins_and_plugin	—	—
jenkins	mantis_plugin	—	—
jenkins	maven_release_plug-in_plugin	—	—
jenkins	mission_control_plugin	—	—
jenkins	pipeline_aggregator_view_plugin	—	—
jenkins	rapiddeploy_plugin	—	—
jenkins	redgate_sql_change_automation_plugin	—	—
jenkins	rundeck_plugin	—	—
jenkins	sctmexecutor_plugin	—	—
jenkins	spira_importer_plugin	—	—
jenkins	team_concert_plugin	—	—
jenkins	websphere_deployer_plugin	—	—
jenkins	weibo_plugin	—	—
jenkins_project	jenkins_build_failure_analyzer_plugin	unspecified – 1.24.1	—