Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1wY2hwLWM1dzgtNDdnY81A1Q
Hash collision attack vulnerability in Jenkins
Hash collision attack vulnerability in Jenkins before 1.447, Jenkins LTS before 1.424.2, and Jenkins Enterprise by CloudBees 1.424.x before 1.424.2.1 and 1.400.x before 1.400.0.11 could allow remote attackers to cause a considerable CPU load, aka "the Hash DoS attack."
Permalink: https://github.com/advisories/GHSA-pchp-c5w8-47gcJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wY2hwLWM1dzgtNDdnY81A1Q
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 2 years ago
Updated: 3 months ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Identifiers: GHSA-pchp-c5w8-47gc, CVE-2012-0785
References:
- https://nvd.nist.gov/vuln/detail/CVE-2012-0785
- https://access.redhat.com/security/cve/cve-2012-0785
- https://jenkins.io/security/advisory/2012-01-12/
- https://security-tracker.debian.org/tracker/CVE-2012-0785
- https://www.cloudbees.com/jenkins-security-advisory-2012-01-12
- http://www.openwall.com/lists/oss-security/2012/01/20/8
- https://github.com/advisories/GHSA-pchp-c5w8-47gc
Affected Packages
maven:org.jenkins-ci.main:jenkins-core
Affected Version Ranges: < 1.424.2, >= 1.425, < 1.447Fixed in: 1.424.2, 1.447