Information Exposure and Denial of Service Flaw in Jenkins Token Macro Plugin
CVE-2019-1003011
8.1 HIGH
What is CVE-2019-1003011?
The Token Macro Plugin in Jenkins prior to version 2.6 contains a vulnerability that could lead to information exposure and denial of service. This vulnerability allows attackers who can manipulate macro inputs—particularly those from SCM changelogs—to craft recursive inputs that trigger unexpected macro evaluations. If exploited, this could compromise sensitive information and disrupt the functionality of Jenkins instances.
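A simplified model of the flaw class described above, added here as an illustration and not taken from the Token Macro Plugin's code: one expander re-scans its own output for tokens, the other treats substituted text as data. The `${NAME}` syntax, the token names, and all sample values are constructed assumptions.

```python
import re

# Toy token syntax ${NAME}; an assumption for this model, not the plugin's grammar.
TOKEN = re.compile(r"\$\{(\w+)\}")

def _one_pass(text, values):
    # Replace each known token once; unknown tokens are left untouched.
    return TOKEN.sub(lambda m: values.get(m.group(1), m.group(0)), text)

def expand_recursive(template, values, max_passes=20):
    """Flawed model: keeps re-scanning its own output for tokens."""
    text = template
    for _ in range(max_passes):
        expanded = _one_pass(text, values)
        if expanded == text:
            return text
        text = expanded
    # The cap exists only so this demo terminates.
    raise RecursionError("expansion did not converge")

def expand_single_pass(template, values):
    """Hardened model: substituted values are data and are never re-scanned."""
    return _one_pass(template, values)

# Constructed sample data: CHANGES stands in for untrusted SCM changelog text.
TEMPLATE = "Build notes: ${CHANGES}"
LEAKY = {"CHANGES": "fix typo ${API_KEY}", "API_KEY": "s3cr3t-constructed"}
LOOPING = {"CHANGES": "loop ${CHANGES}"}

if __name__ == "__main__":
    print(expand_recursive(TEMPLATE, LEAKY))    # token inside changelog gets evaluated
    print(expand_single_pass(TEMPLATE, LEAKY))  # token inside changelog stays literal
    try:
        expand_recursive(TEMPLATE, LOOPING)
    except RecursionError as exc:
        print("recursive expander:", exc)
    print(expand_single_pass(TEMPLATE, LOOPING))
```
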
Affected Version(s)
Jenkins Token Macro Plugin 2.5 and earlier