Description
A data modification vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in User.java, IdStrategy.java that allows attackers to submit crafted user names that can cause an improper migration of user record storage formats, potentially preventing the victim from logging into Jenkins.
Remediation
References
http://www.securityfocus.com/bid/106176
https://access.redhat.com/errata/RHBA-2019:0024
https://jenkins.io/security/advisory/2018-12-05/#SECURITY-1072
https://www.tenable.com/security/research/tra-2018-43
Related Vulnerabilities
CVE-2019-10791 Vulnerability in npm package promise-probe
CVE-2016-11024 Vulnerability in maven package org.odata4j:odata4j-core
CVE-2020-15168 Vulnerability in npm package node-fetch
CVE-2019-3894 Vulnerability in maven package org.wildfly:wildfly-ee
CVE-2019-0199 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core