Description
A denial-of-service vulnerability exists in Jenkins 2.137 and earlier, and in 2.121.2 and earlier, in BasicAuthenticationFilter.java and BasicHeaderApiTokenAuthenticator.java. It allows attackers to create ephemeral in-memory user records by attempting to log in using invalid credentials.
Remediation
References
Related Vulnerabilities
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-0798)
Drupal Core 4.7.x Cross-Site Request Forgery (4.7.0 - 4.7.3)
Ruby on Rails Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-6417)
WordPress Plugin Recent Backups Arbitrary File Download (0.7)
LimeSurvey Incorrect Default Permissions Vulnerability (CVE-2019-16185)