A data modification vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in User.java, IdStrategy.java that allows attackers to submit crafted user names that can cause an improper migration of user record storage formats, potentially preventing the victim from logging into Jenkins.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/106176 | Third Party Advisory VDB Entry |
https://access.redhat.com/errata/RHBA-2019:0024 | Third Party Advisory |
https://jenkins.io/security/advisory/2018-12-05/#SECURITY-1072 | Vendor Advisory |
https://www.tenable.com/security/research/tra-2018-43 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-12-10T14:00:00
Updated: 2019-03-13T09:57:01
Reserved: 2018-12-10T00:00:00
Link: CVE-2018-1000863
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-12-10T14:29:01.510
Modified: 2019-10-03T00:03:26.223
Link: CVE-2018-1000863
JSON object: View
Redhat Information
No data.
CWE