Description
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an issue in the Jenkins user database authentication realm: create an account if signup is enabled; or create an account if the victim is an administrator, possibly deleting the existing default admin user in the process and allowing a wide variety of impacts.
Remediation
References
http://www.securityfocus.com/bid/98062
https://jenkins.io/security/advisory/2017-04-26/
Related Vulnerabilities
CVE-2019-20365 Vulnerability in maven package org.igniterealtime.openfire:xmppserver
CVE-2017-18214 Vulnerability in maven package org.webjars.bower:moment
CVE-2021-41165 Vulnerability in npm package ckeditor4
CVE-2020-7793 Vulnerability in maven package org.webjars.bowergithub.faisalman:ua-parser-js
CVE-2020-14967 Vulnerability in maven package org.webjars.bowergithub.kjur:jsrsasign