Description
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an issue in the Jenkins user database authentication realm: create an account if signup is enabled; or create an account if the victim is an administrator, possibly deleting the existing default admin user in the process and allowing a wide variety of impacts.
Remediation
References
Related Vulnerabilities
WordPress Plugin xili-language Multiple Unspecified Vulnerabilities (2.17.0)
WordPress 4.8.x Multiple Vulnerabilities (4.8 - 4.8.11)
XWikiplatform Missing Authorization Vulnerability (CVE-2025-23025)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-7848)
MongoDb Insufficiently Protected Credentials Vulnerability (CVE-2021-32039)