Description

jenkins before versions 2.44, 2.32.2 is vulnerable to a user creation CSRF using GET by admins. While this user record was only retained until restart in most cases, administrators' web browsers could be manipulated to create a large number of user records (SECURITY-406).

Remediation

References

CVE-2017-2613

Related Vulnerabilities

Oracle Database Server CVE-2010-4421 Vulnerability (CVE-2010-4421)

WordPress Plugin Form Maker by 10Web-Mobile-Friendly Drag & Drop Contact Form Builder SQL Injection (1.14.2)

WeBid Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-7118)

Citrix NetScaler Information Disclosure 'Citrix Bleed' (CVE-2023-4966)

Drupal Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2017-6931)

Severity

Medium

Classification

CVE-2017-2613 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Tags

Missing Update Known Vulnerabilities