Description
In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins user database security realm.
Remediation
References
Related Vulnerabilities
WordPress Plugin Edit Author Slug Cross-Site Scripting (1.0.5.1)
WordPress 3.7.x Multiple Vulnerabilities (3.7 - 3.7.23)
WordPress 5.4.x Multiple Vulnerabilities (5.4 - 5.4.1)
Python Files or Directories Accessible to External Parties Vulnerability (CVE-2019-13404)
WordPress 'wp-db.php' Character Set SQL Injection Vulnerability (2.0 - 2.3.1)