Description
A data modification vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in User.java, IdStrategy.java that allows attackers to submit crafted user names that can cause an improper migration of user record storage formats, potentially preventing the victim from logging into Jenkins.
Remediation
References
http://www.securityfocus.com/bid/106176
https://access.redhat.com/errata/RHBA-2019:0024
https://jenkins.io/security/advisory/2018-12-05/#SECURITY-1072
https://www.tenable.com/security/research/tra-2018-43
Related Vulnerabilities
CVE-2021-25943 Vulnerability in npm package 101
CVE-2014-0113 Vulnerability in maven package org.apache.struts:struts2-core
CVE-2021-23370 Vulnerability in npm package swiper
CVE-2017-16116 Vulnerability in maven package org.webjars.npm:string
CVE-2019-13990 Vulnerability in maven package org.quartz-scheduler.internal:quartz-core