Lucene search
K

CVE-2018-1000408

🗓️ 09 Jan 2019 23:00:00Reported by mitreType 
cve
 cve
🔗 web.nvd.nist.gov👁 153 Views🌐 WEB

A denial of service vulnerability in Jenkins 2.145 and earlier allows attackers to access a specific URL without permission, leading to creation of an ephemeral user record in memory

Related
Detection
Refs
Paths
NVD
Node
jenkinsjenkinsRange2.138.1lts
OR
jenkinsjenkinsRange2.145-
ParameterPositionPathDescriptionCWE
qquery paramsecurityRealm/user/admin/search/indexACL bypass via Jenkins dynamic routing vulnerability (CVE-2019-1003000/related) allowing access to ACL-protected area without Overall/Read permission.
qquery paramsearch/indexACL bypass trigger point to enumerate/confirm administrator via search endpoint.

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 01:32Current
6.3Medium risk
Vulners AI Score6.3
CVSS 26.4
CVSS 36.5
EPSS0.0147
153