Description

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an issue in the Jenkins user database authentication realm: create an account if signup is enabled; or create an account if the victim is an administrator, possibly deleting the existing default admin user in the process and allowing a wide variety of impacts.

Remediation

References

CVE-2017-1000356

Related Vulnerabilities

WordPress Plugin Stripe Payment for WooCommerce Cross-Site Scripting (3.5.9)

WordPress Plugin Newsletter Unspecified Vulnerability (4.1.1)

WordPress Plugin WordPress Popups for Marketing and Email Newsletters, Lead Generation and Conversions by OptinMonster Security Bypass (2.6.4)

WordPress Plugin DMCA WaterMarker Cross-Site Scripting (1.0)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-7934)

Severity

High

Classification

CVE-2017-1000356 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities