Description
The loadUserByUsername function in hudson/security/HudsonPrivateSecurityRealm.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to determine whether a user exists via vectors related to failed login attempts.
Remediation
References
Related Vulnerabilities
WordPress Plugin Awesome Support-WordPress HelpDesk & Support Multiple Vulnerabilities (4.3.1)
WordPress Plugin Pym.js Embeds Cross-Site Scripting (1.3.2)
WordPress Plugin Flash Photo Gallery Cross-Site Scripting (0.7)
MySQL CVE-2020-2779 Vulnerability (CVE-2020-2779)
IBM WebSEAL URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-4153)