Description

A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in BasicAuthenticationFilter.java, BasicHeaderApiTokenAuthenticator.java that allows attackers to create ephemeral in-memory user records by attempting to log in using invalid credentials.

Remediation

References

CVE-2018-1999043

Related Vulnerabilities

WordPress Plugin Subscriptions & Memberships for PayPal Cross-Site Scripting (1.1.2)

WordPress Plugin Ultimate Google Analytics Cross-Site Request Forgery (1.6.0)

WordPress Plugin PropertyHive Cross-Site Scripting (1.4.14)

WordPress Plugin Icon Widget Cross-Site Scripting (1.2.6)

Jetty Improper Resource Shutdown or Release Vulnerability (CVE-2022-2191)

Severity

High

Classification

CVE-2018-1999043 CWE-772 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Tags

Missing Update Known Vulnerabilities