CVE-2012-0785
Hash collision attack vulnerability in Jenkins
CVSS 3.1: 7.5 (HIGH)
EPSS: 1.9%
Description
Hash collision attack vulnerability in Jenkins before 1.447, Jenkins LTS before 1.424.2, and Jenkins Enterprise by CloudBees 1.424.x before 1.424.2.1 and 1.400.x before 1.400.0.11 could allow remote attackers to cause a considerable CPU load, aka "the Hash DoS attack."
How to fix CVE-2012-0785
To remediate CVE-2012-0785, upgrade the affected package to a fixed version below.
- Upgrade to 1.447 or later
Is CVE-2012-0785 being exploited?
Low — EPSS is 1.9%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 1.425, < 1.447
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |