CVE-2018-1000408
Last modified
CVE-2018-1000408 is a vulnerability of currently unknown severity. A denial of service vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that allows attackers without Overall/Read permission to access a specific URL on instances using the built-in Jenkins user database security realm that results in the creation of an ephemeral user record in memory.. EPSS estimates a 1.47% chance of exploitation in the next 30 days.
Description
A denial of service vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that allows attackers without Overall/Read permission to access a specific URL on instances using the built-in Jenkins user database security realm that results in the creation of an ephemeral user record in memory.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Jenkins | Jenkins | <= 2.138.1 |
| Jenkins | Jenkins | <= 2.145 |
References
- http://www.securityfocus.com/bid/106532Third Party Advisory, VDB Entry
- http://www.securityfocus.com/bid/106532Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-1000408?
How severe is CVE-2018-1000408?
How do I fix CVE-2018-1000408?
Are you affected by CVE-2018-1000408?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST