Описание
jenkins before versions 2.44, 2.32.2 is vulnerable to a user creation CSRF using GET by admins. While this user record was only retained until restart in most cases, administrators' web browsers could be manipulated to create a large number of user records (SECURITY-406).
Ссылки
- Third Party AdvisoryVDB Entry
- Issue Tracking
- Patch
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Issue Tracking
- Patch
- Vendor Advisory
Уязвимые конфигурации
Одно из
EPSS
5.4 Medium
CVSS3
5.8 Medium
CVSS2
Дефекты
Связанные уязвимости
jenkins before versions 2.44, 2.32.2 is vulnerable to a user creation CSRF using GET by admins. While this user record was only retained until restart in most cases, administrators' web browsers could be manipulated to create a large number of user records (SECURITY-406). Accessing these URLs now no longer results in a user record getting created, Jenkins will respond with 404 Not Found if no such user exists. When using the internal Jenkins user database, new users can be created via Manage Jenkins » Manage Users.
jenkins before versions 2.44, 2.32.2 is vulnerable to a user creation CSRF using GET by admins. While this user record was only retained until restart in most cases, administrators' web browsers could be manipulated to create a large number of user records (SECURITY-406).
jenkins before versions 2.44, 2.32.2 is vulnerable to a user creation ...
EPSS
5.4 Medium
CVSS3
5.8 Medium
CVSS2