vulnerability

Red Hat OpenShift: CVE-2019-1003011: jenkins-plugin-token-macro: Recursive token expansion results in information disclosure and DoS in Token Macro Plugin (SECURITY-1102)

Try Surface Command
Back to search
Severity
6
CVSS
(AV:N/AC:L/Au:S/C:P/I:N/A:P)
Published
Feb 6, 2019
Added
Mar 15, 2019
Modified
Apr 14, 2025

Description

An information exposure and denial of service vulnerability exists in Jenkins Token Macro Plugin 2.5 and earlier in src/main/java/org/jenkinsci/plugins/tokenmacro/Parser.java, src/main/java/org/jenkinsci/plugins/tokenmacro/TokenMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/AbstractChangesSinceMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/ChangesSinceLastBuildMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/ProjectUrlMacro.java that allows attackers with the ability to control token macro input (such as SCM changelogs) to define recursive input that results in unexpected macro evaluation.

Solution(s)

linuxrpm-upgrade-atomic-enterprise-service-cataloglinuxrpm-upgrade-atomic-openshiftlinuxrpm-upgrade-atomic-openshift-cluster-autoscalerlinuxrpm-upgrade-atomic-openshift-deschedulerlinuxrpm-upgrade-atomic-openshift-dockerregistrylinuxrpm-upgrade-atomic-openshift-metrics-serverlinuxrpm-upgrade-atomic-openshift-node-problem-detectorlinuxrpm-upgrade-atomic-openshift-service-idlerlinuxrpm-upgrade-atomic-openshift-web-consolelinuxrpm-upgrade-golang-github-openshift-oauth-proxylinuxrpm-upgrade-golang-github-prometheus-alertmanagerlinuxrpm-upgrade-golang-github-prometheus-node_exporterlinuxrpm-upgrade-golang-github-prometheus-prometheuslinuxrpm-upgrade-haproxylinuxrpm-upgrade-jenkinslinuxrpm-upgrade-jenkins-2-pluginslinuxrpm-upgrade-openshift-ansiblelinuxrpm-upgrade-openshift-enterprise-autoheallinuxrpm-upgrade-openshift-enterprise-cluster-capacity

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today