Injection in Jenkins

🗓️ 13 May 2022 01:02:01Reported by GitHub Advisory DatabaseType

Improper control sequence vulnerability in Jenkins 2.120 and older allows users to sign up with usernames containing control characters, appearing as other users and cannot be deleted via UI

Reporter	Title	Published	Views	Family All 11
CVE	CVE-2018-1000193	5 Jun 201821:29	–	cve
Cvelist	CVE-2018-1000193	5 Jun 201821:00	–	cvelist
NVD	CVE-2018-1000193	5 Jun 201821:29	–	nvd
RedhatCVE	CVE-2018-1000193	6 Jun 201806:19	–	redhatcve
OSV	CVE-2018-1000193	5 Jun 201821:29	–	osv
OSV	Injection in Jenkins	13 May 202201:01	–	osv
Prion	Input validation	5 Jun 201821:29	–	prion
OpenVAS	Jenkins < 2.121 and < 2.107.3 LTS Multiple Vulnerabilities - Linux	7 Jun 201800:00	–	openvas
OpenVAS	Jenkins < 2.121 and < 2.107.3 LTS Multiple Vulnerabilities - Windows	7 Jun 201800:00	–	openvas
Tenable Nessus	Jenkins < 2.121 / < 2.107.3 (LTS) Multiple Vulnerabilities	5 Jun 201900:00	–	nessus

Vulners

Node

org.jenkins\-ci.main jenkins\-coreRange2.108–2.120

org.jenkins\-ci.main jenkins\-coreRange≤2.107.2

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2018-1000193
jenkins	www.jenkins.io/security/advisory/2018-05-09/
oracle	www.oracle.com/security-alerts/cpuapr2022.html
github	www.github.com/jenkinsci/jenkins/commit/de7aaab441151fb1760855fec83681c6a8756a45
github	www.github.com/advisories/GHSA-7592-93rm-6gpx

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

13 May 2022 01:01Current

4.7Medium risk

Vulners AI Score4.7

CVSS24

CVSS34.3

EPSS0.00877

CWE-74