CVE-2019-1003011

HIGH Year: 2019
CVSS v3 Score
8.1
High
CVSS v2 Score
5.5
Medium
Weakness Type
CWE-674
View all →

Vulnerability Description

An information exposure and denial of service vulnerability exists in Jenkins Token Macro Plugin 2.5 and earlier in src/main/java/org/jenkinsci/plugins/tokenmacro/Parser.java, src/main/java/org/jenkinsci/plugins/tokenmacro/TokenMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/AbstractChangesSinceMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/ChangesSinceLastBuildMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/ProjectUrlMacro.java that allows attackers with the ability to control token macro input (such as SCM changelogs) to define recursive input that results in unexpected macro evaluation.

Related Vulnerabilities

CVE-2019-10761

HIGH
CVSS:8.3(High)

This affects the package vm2 before 3.6.11. It is possible to trigger a RangeError exception from the host rather than the "sandboxed" context by reaching the stack call limit with an infinite recursi...

CWE-6742019

CVE-2018-9918

HIGH
CVSS:7.8(High)

libqpdf.a in QPDF through 8.0.2 mishandles certain "expected dictionary key but found non-name object" cases, allowing remote attackers to cause a denial of service (stack exhaustion), related to the ...

CWE-6742018

CVE-2021-46509

HIGH
CVSS:7.8(High)

Cesanta MJS v2.20.0 was discovered to contain a stack overflow via snquote at mjs/src/mjs_json.c.

CWE-6742021

CVE-2024-20311

HIGH
CVSS:8.6(High)

A vulnerability in the Locator ID Separation Protocol (LISP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to relo...

CWE-6742024