A denial of service vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread enter an infinite loop.
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Jenkins | Jenkins | * | 2.138.3 (including) |
Jenkins | Jenkins | * | 2.153 (including) |
Red Hat OpenShift Container Platform 3.11 | RedHat | jenkins-0:2.138.4.1544416383-1.el7 | * |