Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permissions check. NOTE: this issue can be combined with DNS cache poisoning to cause a denial of service (service disruption).
Max CVSS
5.0
EPSS Score
0.16%
Published
2016-05-17
Updated
2018-01-05
Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with multiple accounts to cause a denial of service (unable to login) by editing the "full name."
Max CVSS
4.3
EPSS Score
0.20%
Published
2016-05-17
Updated
2018-01-05
2 vulnerabilities found