CVE-2018-1000863
Summary
| CVE | CVE-2018-1000863 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-12-10 14:29:00 UTC |
| Updated | 2019-10-03 00:03:00 UTC |
| Description | A data modification vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in User.java, IdStrategy.java that allows attackers to submit crafted user names that can cause an improper migration of user record storage formats, potentially preventing the victim from logging into Jenkins. |
Risk And Classification
Problem Types: CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, "Path Traversal"); the crafted user names are used to derive the on-disk location of user records.
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Jenkins | Jenkins | All | All | All | All |
| Application | Redhat | Openshift Container Platform | 3.11 | All | All | All |
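As an added example (not code from Jenkins, Tenable, or any advisory listed on this page), the following Python performs two checks a practitioner would want from this entry: whether a Jenkins version string falls inside the affected ranges the description states (2.153 and earlier, LTS 2.138.3 and earlier), and, for the CWE-22 class behind the entry, a containment check for user-supplied IDs before they are turned into on-disk record directories. The fixed releases (2.154 and LTS 2.138.4) follow from the stated ranges; the users-root path, the validation rules and the function names are assumptions for illustration, not Jenkins' own IdStrategy logic.

```python
"""Illustrative checks for CVE-2018-1000863 (added example, not Jenkins code)."""
import os
import re
from typing import Tuple

# Affected ranges as stated in the CVE description on this page.
LAST_AFFECTED_WEEKLY = (2, 153)     # weekly releases 2.153 and earlier
LAST_AFFECTED_LTS = (2, 138, 3)     # LTS releases 2.138.3 and earlier


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '2.153' or '2.138.3' into an integer tuple; reject anything else."""
    if not re.fullmatch(r"\d+(?:\.\d+)*", text):
        raise ValueError(f"unrecognised Jenkins version string: {text!r}")
    return tuple(int(part) for part in text.split("."))


def is_affected(text: str) -> bool:
    """True if the given Jenkins core version is inside an affected range.

    Jenkins LTS versions carry three components (2.138.3); weekly releases
    carry two (2.153). Each line is compared against its own cut-off.
    """
    version = parse_version(text)
    if len(version) == 3:
        return version <= LAST_AFFECTED_LTS
    if len(version) == 2:
        return version <= LAST_AFFECTED_WEEKLY
    raise ValueError(f"neither a weekly nor an LTS version: {text!r}")


# --- CWE-22 illustration: a user id that becomes a directory name ---------

_RESERVED_IDS = {"", ".", ".."}
_FORBIDDEN_CHARS = "/\\\0"


def is_safe_user_id(users_root: str, user_id: str) -> bool:
    """Assumed validation rule (not Jenkins'): the id must be a single path
    component and, after resolving symlinks, must land directly under
    users_root rather than beside it or deeper inside it."""
    if user_id in _RESERVED_IDS or any(ch in user_id for ch in _FORBIDDEN_CHARS):
        return False
    root = os.path.realpath(users_root)
    candidate = os.path.realpath(os.path.join(root, user_id))
    # Containment check: the record directory must be an immediate child of root.
    return os.path.dirname(candidate) == root


def user_record_dir(users_root: str, user_id: str) -> str:
    """Return the directory for user_id's record, or refuse an unsafe id."""
    if not is_safe_user_id(users_root, user_id):
        raise ValueError(f"user id {user_id!r} is not safe under {users_root!r}")
    return os.path.join(os.path.realpath(users_root), user_id)


if __name__ == "__main__":
    for v in ("2.153", "2.154", "2.138.3", "2.138.4", "2.121.3"):
        print(f"Jenkins {v}: {'affected' if is_affected(v) else 'not affected'}")
    for uid in ("alice", "../admin", "a/b", ".."):
        print(f"user id {uid!r}: {'ok' if is_safe_user_id('/srv/jenkins/users', uid) else 'rejected'}")
```

The version check covers Jenkins core only; a deployment is still exposed if a reverse proxy or container image pins an older core than the one reported by the operator. The id check is deliberately stricter than "does not contain ..", because ids with separators that stay inside the root can still collide with another user's record directory.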
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [R2] Jenkins Forced Migration of User Records - Research Advisory (Tenable) | MISC | www.tenable.com | Exploit, Third Party Advisory |
| Jenkins Security Advisory 2018-12-05 | CONFIRM | jenkins.io | Vendor Advisory |
| Red Hat Customer Portal | REDHAT | access.redhat.com | Third Party Advisory |
| Jenkins Multiple Security Vulnerabilities | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.