Lucene search

[email protected]CVE-2018-1000193

HistoryJun 05, 2018 - 9:29 p.m.

CVE-2018-1000193

2018-06-0521:29:00

CWE-74

[email protected]

web.nvd.nist.gov

cve-2018-1000193

jenkins

vulnerability

control sequences

security issue

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

4.6 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

20.4%

JSON

A improper neutralization of control sequences vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in HudsonPrivateSecurityRealm.java that allows users to sign up using user names containing control characters that can then appear to have the same name as other users, and cannot be deleted via the UI.

CPENameOperatorVersion
jenkins:jenkinsjenkinsle2.120
jenkins:jenkinsjenkinsle2.107.2
oracle:communications_cloud_native_core_automated_test_suiteoracle communications cloud native core automated test suiteeq1.9.0

CPE	Name	Operator	Version
jenkins:jenkins	jenkins	le	2.120
jenkins:jenkins	jenkins	le	2.107.2
oracle:communications_cloud_native_core_automated_test_suite	oracle communications cloud native core automated test suite	eq	1.9.0