Description
Jenkins before versions 2.44 and 2.32.2 is vulnerable to a cross-site request forgery (CSRF) in user creation: a GET request sent by an administrator's browser could create a user record. While this user record was only retained until restart in most cases, administrators' web browsers could be manipulated to create a large number of user records (SECURITY-406).
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Booking Calendar Multiple Vulnerabilities (3.0.0)
Jenkins Incorrect Authorization Vulnerability (CVE-2023-27903)
WordPress Plugin Advanced Text Widget 'page' Parameter Cross-Site Scripting (2.0.0)
OpenSSL Other Vulnerability (CVE-2014-3569)
WordPress Plugin Video Gallery-Best WordPress YouTube Gallery Multiple Vulnerabilities (1.7.6)