Description
Jenkins versions 2.56 and earlier, as well as 2.46.1 LTS and earlier, are vulnerable to an issue in the Jenkins user database authentication realm that makes it possible to create an account if signup is enabled, or to create an account if the victim is an administrator, possibly deleting the existing default admin user in the process and allowing a wide variety of impacts.
Remediation
References