PT-2018-15222 · Jenkins · Jenkins

Nimrod Stoler

Published

2018-08-23

Updated

2022-05-13

CVE-2018-1999043

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Jenkins versions prior to 2.137 Jenkins versions prior to 2.121.2

Description A denial of service issue exists that allows attackers to create ephemeral in-memory user records by attempting to log in using invalid credentials, specifically affecting files BasicAuthenticationFilter.java and BasicHeaderApiTokenAuthenticator.java.

Recommendations For versions prior to 2.137, update to a version that includes the fix for this issue. For versions prior to 2.121.2, update to a version that includes the fix for this issue.

Fix

DoS

Missing Release of Resource after Effective Lifetime

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-772

Related Identifiers

CVE-2018-1999043

GHSA-2632-H32J-6RG9

Affected Products

Jenkins

PT-2018-15222 · Jenkins · Jenkins

CVE-2018-1999043

Weakness Enumeration

Related Identifiers

Affected Products

References · 5