{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T21:57:08.740","vulnerabilities":[{"cve":{"id":"CVE-2019-1003011","sourceIdentifier":"jenkinsci-cert@googlegroups.com","published":"2019-02-06T16:29:00.623","lastModified":"2024-11-21T04:17:44.177","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An information exposure and denial of service vulnerability exists in Jenkins Token Macro Plugin 2.5 and earlier in src/main/java/org/jenkinsci/plugins/tokenmacro/Parser.java, src/main/java/org/jenkinsci/plugins/tokenmacro/TokenMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/AbstractChangesSinceMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/ChangesSinceLastBuildMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/ProjectUrlMacro.java that allows attackers with the ability to control token macro input (such as SCM changelogs) to define recursive input that results in unexpected macro evaluation."},{"lang":"es","value":"Existe una vulnerabilidad de exposición de información en Jenkins Token Macro Plugin, en versiones 2.5 y anteriores, en src/main/java/org/jenkinsci/plugins/tokenmacro/Parser.java, src/main/java/org/jenkinsci/plugins/tokenmacro/TokenMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/AbstractChangesSinceMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/ChangesSinceLastBuildMacro.java y src/main/java/org/jenkinsci/plugins/tokenmacro/impl/ProjectUrlMacro.java, que permite que los atacantes con la capacidad de controlar entradas de macros de tokens (como los registros de cambios de SCM) definan entradas recursivas que resultan en una evaluación inesperada de las macros."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:P","baseScore":5.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-674"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:token_macro:*:*:*:*:*:jenkins:*:*","versionEndIncluding":"2.5","matchCriteriaId":"4798BE21-A4AD-4B21-A194-0184FB2C076C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*","matchCriteriaId":"2F87326E-0B56-4356-A889-73D026DB1D4B"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHBA-2019:0326","source":"jenkinsci-cert@googlegroups.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHBA-2019:0327","source":"jenkinsci-cert@googlegroups.com","tags":["Third Party Advisory"]},{"url":"https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1102","source":"jenkinsci-cert@googlegroups.com","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHBA-2019:0326","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHBA-2019:0327","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1102","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}