CVE-2017-1000356

Name of the Vulnerable Software and Affected Versions Jenkins versions 2.56 and earlier Jenkins version 2.46.1 LTS and earlier

Description The issue exists in the Jenkins user database authentication realm. It allows creating an account if signup is enabled, or creating an account if the victim is an administrator. This could possibly delete the existing default admin user, allowing a wide variety of impacts.

Recommendations For Jenkins versions 2.56 and earlier, update to a version later than 2.56 to resolve the issue. For Jenkins version 2.46.1 LTS and earlier, update to a version later than 2.46.1 LTS to resolve the issue.