Ecosyste.ms: Advisories

Security Advisories: GSA_kwCzR0hTQS1wY2hwLWM1dzgtNDdnY81A1Q

Hash collision attack vulnerability in Jenkins

Hash collision attack vulnerability in Jenkins before 1.447, Jenkins LTS before 1.424.2, and Jenkins Enterprise by CloudBees 1.424.x before 1.424.2.1 and 1.400.x before 1.400.0.11 could allow remote attackers to cause a considerable CPU load, aka "the Hash DoS attack."

Permalink: https://github.com/advisories/GHSA-pchp-c5w8-47gc
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wY2hwLWM1dzgtNDdnY81A1Q
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 2 years ago
Updated: 3 months ago

CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Identifiers: GHSA-pchp-c5w8-47gc, CVE-2012-0785
References:

• https://nvd.nist.gov/vuln/detail/CVE-2012-0785
• https://access.redhat.com/security/cve/cve-2012-0785
• https://jenkins.io/security/advisory/2012-01-12/
• https://security-tracker.debian.org/tracker/CVE-2012-0785
• https://www.cloudbees.com/jenkins-security-advisory-2012-01-12
• http://www.openwall.com/lists/oss-security/2012/01/20/8
• https://github.com/advisories/GHSA-pchp-c5w8-47gc

Blast Radius: 1.0

Affected Packages