CVE-2019-1003022 - Vulnerability Details

Vendors	Products
Jenkins	Monitoring

Link	Providers
https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1153

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "Jenkins Monitoring Plugin", "vendor": "Jenkins project", "versions": [{"status": "affected", "version": "1.74.0 and earlier"}]}], "dateAssigned": "2019-02-06T00:00:00", "descriptions": [{"lang": "en", "value": "A denial of service vulnerability exists in Jenkins Monitoring Plugin 1.74.0 and earlier in PluginImpl.java that allows attackers to kill threads running on the Jenkins master."}], "providerMetadata": {"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "shortName": "jenkins", "dateUpdated": "2023-10-24T16:44:55.687Z"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1153"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "jenkinsci-cert@googlegroups.com", "DATE_ASSIGNED": "2019-02-06T02:59:03.181409", "ID": "CVE-2019-1003022", "REQUESTER": "ml@beckweb.net", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Jenkins Monitoring Plugin", "version": {"version_data": [{"version_value": "1.74.0 and earlier"}]}}]}, "vendor_name": "Jenkins project"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A denial of service vulnerability exists in Jenkins Monitoring Plugin 1.74.0 and earlier in PluginImpl.java that allows attackers to kill threads running on the Jenkins master."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-352"}]}]}, "references": {"reference_data": [{"name": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1153", "refsource": "CONFIRM", "url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1153"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:00:19.439Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1153"}]}]}, "cveMetadata": {"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "assignerShortName": "jenkins", "cveId": "CVE-2019-1003022", "datePublished": "2019-02-06T16:00:00Z", "dateReserved": "2019-02-06T00:00:00Z", "dateUpdated": "2024-09-16T23:55:36.914Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : Jenkins Monitoring Plugin (string)

vendor : Jenkins project (string)

versions : [ »

0 : { »

status : affected (string)

version : 1.74.0 and earlier (string)

}

]

}

]

dateAssigned : 2019-02-06T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : A denial of service vulnerability exists in Jenkins Monitoring Plugin 1.74.0 and earlier in PluginImpl.java that allows attackers to kill threads running on the Jenkins master. (string)

}

]

providerMetadata : { »

orgId : 39769cd5-e6e2-4dc8-927e-97b3aa056f5b (string)

shortName : jenkins (string)

dateUpdated : 2023-10-24T16:44:55.687Z (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1153 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : jenkinsci-cert@googlegroups.com (string)

DATE_ASSIGNED : 2019-02-06T02:59:03.181409 (string)

ID : CVE-2019-1003022 (string)

REQUESTER : ml@beckweb.net (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : Jenkins Monitoring Plugin (string)

version : { »

version_data : [ »

0 : { »

version_value : 1.74.0 and earlier (string)

}

]

}

]

}

vendor_name : Jenkins project (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : A denial of service vulnerability exists in Jenkins Monitoring Plugin 1.74.0 and earlier in PluginImpl.java that allows attackers to kill threads running on the Jenkins master. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : CWE-352 (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1153 (string)

refsource : CONFIRM (string)

url : https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1153 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-05T03:00:19.439Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1153 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 39769cd5-e6e2-4dc8-927e-97b3aa056f5b (string)

assignerShortName : jenkins (string)

cveId : CVE-2019-1003022 (string)

datePublished : 2019-02-06T16:00:00Z (string)

dateReserved : 2019-02-06T00:00:00Z (string)

dateUpdated : 2024-09-16T23:55:36.914Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:monitoring:*:*:*:*:*:jenkins:*:*", "matchCriteriaId": "D8BDCE7E-DC03-43C1-89E8-1F4A2BFE35A0", "versionEndIncluding": "1.74.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A denial of service vulnerability exists in Jenkins Monitoring Plugin 1.74.0 and earlier in PluginImpl.java that allows attackers to kill threads running on the Jenkins master."}, {"lang": "es", "value": "Existe una vulnerabilidad de denegaci\u00f3n de servicio (DoS) en Jenkins Monitoring Plugin, en versiones 1.74.0 y anteriores, en PluginImpl.java, que permite que los atacantes maten hilos que se ejecutan en el maestro de Jenkins."}], "id": "CVE-2019-1003022", "lastModified": "2024-11-21T04:17:45.420", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-02-06T16:29:01.030", "references": [{"source": "jenkinsci-cert@googlegroups.com", "tags": ["Vendor Advisory"], "url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1153"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1153"}], "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:jenkins:monitoring:*:*:*:*:*:jenkins:*:* (string)

matchCriteriaId : D8BDCE7E-DC03-43C1-89E8-1F4A2BFE35A0 (string)

versionEndIncluding : 1.74.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A denial of service vulnerability exists in Jenkins Monitoring Plugin 1.74.0 and earlier in PluginImpl.java that allows attackers to kill threads running on the Jenkins master. (string)

}

1 : { »

lang : es (string)

value : Existe una vulnerabilidad de denegación de servicio (DoS) en Jenkins Monitoring Plugin, en versiones 1.74.0 y anteriores, en PluginImpl.java, que permite que los atacantes maten hilos que se ejecutan en el maestro de Jenkins. (string)

}

]

id : CVE-2019-1003022 (string)

lastModified : 2024-11-21T04:17:45.420 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 4.3 (number)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:M/Au:N/C:N/I:N/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 8.6 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : true (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 6.5 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H (string)

version : 3.0 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2019-02-06T16:29:01.030 (string)

references : [ »

0 : { »

source : jenkinsci-cert@googlegroups.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1153 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1153 (string)

}

]

sourceIdentifier : jenkinsci-cert@googlegroups.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-352 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object