Description
A data modification vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in User.java, IdStrategy.java that allows attackers to submit crafted user names that can cause an improper migration of user record storage formats, potentially preventing the victim from logging into Jenkins.
Remediation
References
http://www.securityfocus.com/bid/106176
https://access.redhat.com/errata/RHBA-2019:0024
https://jenkins.io/security/advisory/2018-12-05/#SECURITY-1072
https://www.tenable.com/security/research/tra-2018-43
Related Vulnerabilities
CVE-2017-18869 Vulnerability in maven package org.webjars.npm:chownr
CVE-2018-19056 Vulnerability in npm package editor.md
CVE-2023-45648 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2023-32314 Vulnerability in maven package org.webjars.npm:vm2
CVE-2023-49620 Vulnerability in maven package org.apache.dolphinscheduler:dolphinscheduler-api