Description
The loadUserByUsername function in hudson/security/HudsonPrivateSecurityRealm.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to determine whether a user exists via vectors related to failed login attempts.
Remediation
References
Related Vulnerabilities
Beego Framework Incorrect Default Permissions Vulnerability (CVE-2019-16355)
MySQL CVE-2020-14809 Vulnerability (CVE-2020-14809)
WordPress Plugin Plugmatter Optin Feature Box Multiple SQL Injection Vulnerabilities (2.0.13)
Magento Improper Authentication Vulnerability (CVE-2019-8108)
WordPress Plugin Ceceppa Multilingua Unspecified Vulnerability (1.5.3)