CVE-2018-1999043

Published: 23/08/2018 Updated: 03/10/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

A denial of service vulnerability exists in Jenkins 2.137 and earlier, and 2.121.2 and earlier, in BasicAuthenticationFilter.java and BasicHeaderApiTokenAuthenticator.java. It allows malicious users to create ephemeral in-memory user records by attempting to log in using invalid credentials.

Vulnerable Product

jenkins jenkins

Vendor Advisories

A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in BasicAuthenticationFilter.java, BasicHeaderApiTokenAuthenticator.java that allows attackers to create ephemeral in-memory user records by attempting to log in using invalid credentials ...

A security issue has been found in Jenkins version prior to 2.146. When attempting to authenticate using API token, an ephemeral user record was created to validate the token in case an external security realm was used, and the user record in Jenkins not previously saved, as (legacy) API tokens could exist without a persisted user record. This beha ...