CVE-2018-1999044 – org.jenkins-ci.main:jenkins-core

Package

Manager: maven
Name: org.jenkins-ci.main:jenkins-core
Vulnerable Version: >=0 <2.138

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00118 pctl0.3131

Details

Infinite Loop in Jenkins Core A Cron expression form validation could enter infinite loop, potentially resulting in denial of service. The form validation for cron expressions (e.g. "Poll SCM", "Build periodically") could enter infinite loops when cron expressions only matching certain rare dates were entered, blocking request handling threads indefinitely.

Metadata

Created: 2022-05-13T01:50:55Z
Modified: 2022-11-02T00:42:37Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-8qpf-fv36-h4r8/GHSA-8qpf-fv36-h4r8.json
CWE IDs: ["CWE-835"]
Alternative ID: GHSA-8qpf-fv36-h4r8
Finding: F138
Auto approve: 1