CVE-2018-1999044
Infinite Loop in Jenkins Core
CVSS 3.1: 6.5 (MEDIUM)
EPSS: 0.14%
Description
Cron expression form validation could enter an infinite loop, potentially resulting in denial of service. The form validation for cron expressions (e.g. "Poll SCM", "Build periodically") could enter infinite loops when cron expressions matching only certain rare dates were entered, blocking request handling threads indefinitely.
How to fix CVE-2018-1999044
To remediate CVE-2018-1999044, upgrade the affected package to a fixed version below.
- Upgrade to 2.138 or later
Is CVE-2018-1999044 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.138
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.5 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |