Home > Vulnerability Database > CVE-2018-1000863

Mend.io Vulnerability Database

CVE-2018-1000863

Good to know:

Date: December 10, 2018

A data modification vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in User.java, IdStrategy.java that allows attackers to submit crafted user names that can cause an improper migration of user record storage formats, potentially preventing the victim from logging into Jenkins.

Language: Java

Severity Score

8.2

Related Resources (9)

Url: https://github.com/jenkinsci/jenkins/commit/7bae6dd6ef23af988801d38dc0f8f693bc6283f8

Url: https://nvd.nist.gov/vuln/detail/CVE-2018-1000863

Url: http://www.securityfocus.com/bid/106176

Url: https://access.redhat.com/errata/RHBA-2019:0024

Url: https://jenkins.io/security/advisory/2018-12-05/#SECURITY-1072

Url: https://github.com/jenkinsci/jenkins

Url: https://www.tenable.com/security/research/tra-2018-43

Url: https://github.com/jenkinsci/jenkins/commit/4ed66e5838476e575a83c3cd13fffb37eefa2f48

Url: https://www.mend.io/vulnerability-database/CVE-2018-1000863

Severity Score

8.2

Weakness Type (CWE)

Improper Access Control

CWE-284

Path Traversal

CWE-22

Top Fix

Upgrade Version

Upgrade to version org.jenkins-ci.main:jenkins-core:2.138.4,2.154

Learn More

CVSS v3.1

Base Score:	8.2
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	HIGH

CVSS v2

Base Score:	6.4
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2018-1000863

Good to know:

Date: December 10, 2018

Language: Java

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?