CVE-2018-1000863
N/A
N/A
Summary
A data modification vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in User.java, IdStrategy.java that allows attackers to submit crafted user names that can cause an improper migration of user record storage formats, potentially preventing the victim from logging into Jenkins.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://jenkins.io/security/advisory/2018-12-05/#SECURITY-1072
- https://access.redhat.com/errata/RHBA-2019:0024
- http://www.securityfocus.com/bid/106176
- https://www.tenable.com/security/research/tra-2018-43
References
- https://jenkins.io/security/advisory/2018-12-05/#SECURITY-1072
- https://access.redhat.com/errata/RHBA-2019:0024
- http://www.securityfocus.com/bid/106176
- https://www.tenable.com/security/research/tra-2018-43
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.