Description
A denial-of-service vulnerability exists in Jenkins 2.137 and earlier, and 2.121.2 and earlier, in BasicAuthenticationFilter.java and BasicHeaderApiTokenAuthenticator.java. It allows attackers to create ephemeral in-memory user records by attempting to log in using invalid credentials.
Remediation
References