Description

A improper neutralization of control sequences vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in HudsonPrivateSecurityRealm.java that allows users to sign up using user names containing control characters that can then appear to have the same name as other users, and cannot be deleted via the UI.

Remediation

References

CVE-2018-1000193

Related Vulnerabilities

WordPress Plugin Stream SQL Injection (3.8.1)

WordPress Plugin WordPress Ultra Simple Paypal Shopping Cart Multiple Cross-Site Scripting Vulnerabilities (4.3.9.0)

WordPress Plugin Registration Forms-User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Multiple Vulnerabilities (2.0.15)

WordPress Plugin All in One SEO-Best WordPress SEO-Easily Improve SEO Rankings & Increase Traffic Multiple Vulnerabilities (2.1.5)

SharePoint Improper Input Validation Vulnerability (CVE-2013-0081)

Severity

Medium

Classification

CVE-2018-1000193 CWE-138 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities