An information exposure and denial of service vulnerability exists in Jenkins Token Macro Plugin 2.5 and earlier in src/main/java/org/jenkinsci/plugins/tokenmacro/Parser.java, src/main/java/org/jenkinsci/plugins/tokenmacro/TokenMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/AbstractChangesSinceMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/ChangesSinceLastBuildMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/ProjectUrlMacro.java that allows attackers with the ability to control token macro input (such as SCM changelogs) to define recursive input that results in unexpected macro evaluation.
Advisories
Source ID Title
EUVD EUVD EUVD-2022-1893 An information exposure and denial of service vulnerability exists in Jenkins Token Macro Plugin 2.5 and earlier in src/main/java/org/jenkinsci/plugins/tokenmacro/Parser.java, src/main/java/org/jenkinsci/plugins/tokenmacro/TokenMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/AbstractChangesSinceMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/ChangesSinceLastBuildMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/ProjectUrlMacro.java that allows attackers with the ability to control token macro input (such as SCM changelogs) to define recursive input that results in unexpected macro evaluation.
Github GHSA Github GHSA GHSA-23h9-m55m-c5jp Jenkins Token Macro Plugin's recursive token expansion results in information disclosure and DoS
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: jenkins

Published:

Updated: 2024-08-05T03:00:19.329Z

Reserved: 2019-02-06T00:00:00

Link: CVE-2019-1003011

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-02-06T16:29:00.623

Modified: 2024-11-21T04:17:44.177

Link: CVE-2019-1003011

cve-icon Redhat

Severity : Moderate

Publid Date: 2019-01-28T00:00:00Z

Links: CVE-2019-1003011 - Bugzilla

cve-icon OpenCVE Enrichment

No data.