CVE-2012-0785

Uncontrolled Resource Consumption in maven/org.jenkins-ci.main/jenkins-core

Identifiers

GHSA-pchp-c5w8-47gc, CVE-2012-0785

Package Slug

maven/org.jenkins-ci.main/jenkins-core

Vulnerability

Uncontrolled Resource Consumption

Description

Hash collision attack vulnerability in Jenkins before 1.447, Jenkins LTS before 1.424.2, and Jenkins Enterprise by CloudBees 1.424.x before 1.424.2.1 and 1.400.x before 1.400.0.11 could allow remote attackers to cause a considerable CPU load, aka "the Hash DoS attack."

Affected Versions

All versions before 1.424.2, all versions starting from 1.425 before 1.447

Solution

Upgrade to versions 1.424.2, 1.447 or above.

Last Modified

2024-01-31

source