PT-2018-7139 · Cloudbees+1 · Jenkins
Jean Marsault · Published 2018-05-15 · Updated 2022-05-13 · CVE-2017-2613
CVSS v2.0: 5.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P
Name of the Vulnerable Software and Affected Versions:
Jenkins versions prior to 2.32.2
Jenkins versions prior to 2.44
Description:
The issue is a cross-site request forgery (CSRF) in user creation: user records can be created through GET requests issued by administrators, and an administrator's web browser can be manipulated into sending those requests. This can lead to the creation of a large number of user records, although these records are typically only retained until the system restarts.
Recommendations:
For versions prior to 2.32.2, update to version 2.32.2 or later.
For versions prior to 2.44, update to version 2.44 or later.
Fix
CSRF
Allocation of Resources Without Limits
Affected Products
Jenkins