Information Exposure and Denial of Service Flaw in Jenkins Token Macro Plugin
CVE-2019-1003011
8.1 HIGH
Summary
The Token Macro Plugin in Jenkins prior to version 2.6 contains a vulnerability that could lead to information exposure and denial of service. This vulnerability allows attackers who can manipulate macro inputs—particularly those from SCM changelogs—to craft recursive inputs that trigger unexpected macro evaluations. If exploited, this could compromise sensitive information and disrupt the functionality of Jenkins instances.
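As an added illustration of the vulnerability class described above (not the plugin's own code, and not its actual fix), the following toy macro expander shows why re-scanning substituted values is dangerous when one of them comes from an untrusted SCM changelog, and how a single-pass expander that treats substituted values as literal data avoids both the exposure and the non-terminating expansion. Environment names, secret value and commit messages are constructed placeholders.

```python
import re

TOKEN = re.compile(r"\$\{([A-Z_]+)\}")

# Constructed build environment (assumed names, not Jenkins' real variables).
ENV = {
    "JOB_NAME": "build-app",
    "DEPLOY_KEY": "hypothetical-secret-value",
}
# Constructed commit messages as they might arrive from an SCM changelog.
CHANGELOG_LEAK = "fix typo, see ${DEPLOY_KEY}"   # references another value
CHANGELOG_LOOP = "fix typo ${CHANGELOG}"         # references itself
TEMPLATE = "Build ${JOB_NAME}: ${CHANGELOG}"     # trusted notification template


def expand_recursive(text, env, depth=0, max_depth=20):
    """Re-scans every substituted value for further macros, so untrusted
    changelog text is evaluated like a trusted template: it can pull in
    other values (information exposure) or refer to itself and never
    terminate (denial of service). The depth cap only turns the hang
    into an exception; it does not stop the exposure."""
    if depth > max_depth:
        raise RecursionError("macro expansion did not terminate")

    def sub(m):
        name = m.group(1)
        if name not in env:
            return m.group(0)  # unknown macro is left as-is, not re-scanned
        return expand_recursive(env[name], env, depth + 1, max_depth)

    return TOKEN.sub(sub, text)


def expand_single_pass(text, env):
    """Inserts substituted values verbatim and never re-scans them, so a
    macro written inside a commit message stays literal text."""
    return TOKEN.sub(lambda m: env.get(m.group(1), m.group(0)), text)


def render(template, changelog, expander):
    """Evaluate the trusted template with the untrusted changelog added
    to the environment, using the given expansion strategy."""
    env = dict(ENV, CHANGELOG=changelog)
    return expander(template, env)
```

Running `render(TEMPLATE, CHANGELOG_LEAK, expand_recursive)` copies the secret into the rendered message, while the single-pass variant leaves `${DEPLOY_KEY}` as plain text; the self-referencing changelog only terminates under the single-pass expander.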
Affected Version(s)
Jenkins Token Macro Plugin 2.5 and earlier
References
CVSS v3.1
Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved