PT-2018-7139 · Cloudbees+1 · Jenkins

Jean Marsault

Publicado

2018-05-15

Atualizado

2022-05-13

CVE-2017-2613

CVSS v2.0

5.8

Média

Vetor

AV:N/AC:M/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Jenkins versions prior to 2.32.2 Jenkins versions prior to 2.44

Description: The issue allows for a user creation CSRF using GET requests by administrators. This can lead to the creation of a large number of user records, although these records are typically only retained until the system restarts. Administrators' web browsers can be manipulated to create these user records.

Recommendations: For versions prior to 2.32.2, update to version 2.32.2 or later. For versions prior to 2.44, update to version 2.44 or later.

Correção

CSRF

Allocation of Resources Without Limits

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-352CWE-770

Identificadores relacionados

CVE-2017-2613

GHSA-PWV6-872C-GCG6

Produtos afetados

Jenkins

PT-2018-7139 · Cloudbees+1 · Jenkins

CVE-2017-2613

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8