ASA-2019-00094 – Jenkins: Recursive token expansion results in information disclosure and DoS in Token Macro Plugin

Posted on by Allele Security Intelligence in Alerts

Allele Security Alert

ASA-2019-00094

Identifier(s)

ASA-2019-00094, SECURITY-1102, CVE-2019-1003011

Title

Recursive token expansion results in information disclosure and DoS in Token Macro Plugin

Vendor(s)

CloudBees, Inc

Product(s)

Jenkins

Affected version(s)

Token Macro Plugin up to and including 2.5

Fixed version(s)

Token Macro Plugin version 2.6

Proof of concept

Unknown

Description

This could be used by users able to affect input to token expansion (such as change log messages), to inject additional tokens into the input, which would then be expanded, resulting in information disclosure (for example values of environment variables), or denial of service.

Technical details

Unknown

Credits

Andy Caldwell (Metaswitch Networks) and Chris Swindle (Metaswitch Networks)

Reference(s)

Jenkins Security Advisory 2019-01-28
https://jenkins.io/security/advisory/2019-01-28

Jenkins Plugin
https://plugins.jenkins.io/token-macro

CVE-2019-1003011
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1003011

CVE-2019-1003011
https://nvd.nist.gov/vuln/detail/CVE-2019-1003011

If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: February 24, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.