Note:
This project will be discontinued after December 13, 2021. [more]
2018-12-10
A denial of service vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread enter an infinite loop.
Products | Jenkins, Openshift_container_platform |
Type | Permissions, Privileges, and Access Controls (CWE-264) |
First patch | - None (likely due to unavailable code) |
Links |
• http://www.securityfocus.com/bid/106176
• https://jenkins.io/security/advisory/2018-12-05/#SECURITY-1193 • https://access.redhat.com/errata/RHBA-2019:0024 |