Overview
- Description
- Hash collision attack vulnerability in Jenkins before 1.447, Jenkins LTS before 1.424.2, and Jenkins Enterprise by CloudBees 1.424.x before 1.424.2.1 and 1.400.x before 1.400.0.11 could allow remote attackers to cause a considerable CPU load, aka "the Hash DoS attack."
- Source
- secalert@redhat.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 7.8
- Impact score
- 6.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:N/A:C
Weaknesses
- nvd@nist.gov
- CWE-400
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:*:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A2BD5920-1705-491C-B23A-AD4929B0902F",
"versionEndExcluding": "1.400.0.11",
"versionStartIncluding": "1.400.0"
},
{
"criteria": "cpe:2.3:a:cloudbees:jenkins:*:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6EFD9076-D5DE-45D3-A8B7-6F30FD144D22",
"versionEndExcluding": "1.424.2.1",
"versionStartIncluding": "1.424.0"
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B5173CE5-0232-424F-ACB6-DF2F3A42C293",
"versionEndExcluding": "1.424.2"
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0A27C3A8-57F9-4D0B-A027-F035641F1AB1",
"versionEndExcluding": "1.447"
}
],
"operator": "OR"
}
]
}
]