Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS04cXBmLWZ2MzYtaDRyOM4AASyL
Infinite Loop in Jenkins Core
Form validation for cron expressions could enter an infinite loop, potentially resulting in denial of service. The form validation for cron expressions (e.g. "Poll SCM", "Build periodically") could enter infinite loops when cron expressions matching only certain rare dates were entered, blocking request handling threads indefinitely.
Permalink: https://github.com/advisories/GHSA-8qpf-fv36-h4r8
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04cXBmLWZ2MzYtaDRyOM4AASyL
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: 5 months ago
CVSS Score: 6.5
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Identifiers: GHSA-8qpf-fv36-h4r8, CVE-2018-1999044
References:
- https://nvd.nist.gov/vuln/detail/CVE-2018-1999044
- https://jenkins.io/security/advisory/2018-08-15/#SECURITY-790
- https://github.com/jenkinsci/jenkins/commit/e5046911c57e60a1d6d8aca9b21bd9093b0f3763
- https://github.com/advisories/GHSA-8qpf-fv36-h4r8
Blast Radius: 1.0
Affected Packages
maven:org.jenkins-ci.main:jenkins-core
Affected Version Ranges: < 2.138
Fixed in: 2.138