CVE-2018-1000193
Last modified
CVE-2018-1000193 is a medium-severity vulnerability rated 4.3/10 on the CVSS scale. A improper neutralization of control sequences vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in HudsonPrivateSecurityRealm.java that allows users to sign up using user names containing control characters that can then appear to have the same name as other users, and cannot be deleted via the UI.. EPSS estimates a 1.04% chance of exploitation in the next 30 days.
Description
A improper neutralization of control sequences vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in HudsonPrivateSecurityRealm.java that allows users to sign up using user names containing control characters that can then appear to have the same name as other users, and cannot be deleted via the UI.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Jenkins | Jenkins | <= 2.120 |
| Jenkins | Jenkins | <= 2.107.2 |
| Oracle | Communications Cloud Native Core Automated Test Suite | 1.9.0 |
References
- https://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
- https://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-1000193?
How severe is CVE-2018-1000193?
How do I fix CVE-2018-1000193?
Are you affected by CVE-2018-1000193?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST