Description
The loadUserByUsername function in hudson/security/HudsonPrivateSecurityRealm.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to determine whether a user exists via vectors related to failed login attempts.
Remediation
References
Related Vulnerabilities
WordPress Plugin Themify Portfolio Post Cross-Site Scripting (1.2.0)
Jboss EAP Uncontrolled Resource Consumption Vulnerability (CVE-2023-44487)
Oracle Database Server CVE-2019-2518 Vulnerability (CVE-2019-2518)
Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2017-17485)
WordPress Plugin WordPress Ad Widget Local File Inclusion (2.11.0)