CVE-2012-0785
HIGH7.5EPSS 1.9%Hash collision attack vulnerability in Jenkins
發布日:2022/4/23修改日:2024/12/3
描述
Hash collision attack vulnerability in Jenkins before 1.447, Jenkins LTS before 1.424.2, and Jenkins Enterprise by CloudBees 1.424.x before 1.424.2.1 and 1.400.x before 1.400.0.11 could allow remote attackers to cause a considerable CPU load, aka "the Hash DoS attack."
受影響套件(1)
- Maven/org.jenkins-ci.main:jenkins-core>= 1.425, < 1.447
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
參考連結(6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2012-0785
- WEBhttps://access.redhat.com/security/cve/cve-2012-0785
- WEBhttps://jenkins.io/security/advisory/2012-01-12
- WEBhttps://security-tracker.debian.org/tracker/CVE-2012-0785
- WEBhttps://www.cloudbees.com/jenkins-security-advisory-2012-01-12
- WEBhttp://www.openwall.com/lists/oss-security/2012/01/20/8