QwikSec

Security Database

CVE

CWE

Training

CVE-2019-16555

Published: Dec 17, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

A user-supplied regular expression in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier was processed in a way that wasn't interruptible, allowing attackers to have Jenkins evaluate a regular expression without the ability to interrupt this process.

Vendor	Product	Versions
Jenkins project	Jenkins Build Failure Analyzer Plugin	affected `unspecified - <= 1.24.1`

References

https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1651

x_refsource_CONFIRM

[oss-security] 20191217 Multiple vulnerabilities in Jenkins plugins

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.