Nixpkgs Security Tracker

Suggestion detail

Untriaged
updated 2 days, 14 hours ago by @LeSuisse
Activity log
  • Created automatic suggestion
  • @LeSuisse removed 10 packages
    • jenkins-job-builder
    • python312Packages.jenkinsapi
    • python313Packages.jenkinsapi
    • python314Packages.jenkinsapi
    • python312Packages.python-jenkins
    • python313Packages.python-jenkins
    • python314Packages.python-jenkins
    • python312Packages.jenkins-job-builder
    • python313Packages.jenkins-job-builder
    • python314Packages.jenkins-job-builder
Hash collision attack vulnerability in Jenkins before 1.447, Jenkins LTS …

Hash collision attack vulnerability in Jenkins before 1.447, Jenkins LTS before 1.424.2, and Jenkins Enterprise by CloudBees 1.424.x before 1.424.2.1 and 1.400.x before 1.400.0.11 could allow remote attackers to cause a considerable CPU load, aka "the Hash DoS attack."

Affected products

Jenkins
  • ==before 1.447
Jenkins LTS
  • ==before 1.424.2
Jenkins Enterprise by CloudBees
  • ==1.400.x before 1.400.0.11
  • ==1.424.x before 1.424.2.1

Matching in nixpkgs

Ignored packages (10)

Package maintainers