CVE-2018-1999043

High

A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in BasicAuthenticationFilter.java,…

mitre·CWE-772·Published 2018-08-23

CVSS

7.5

EPSS

0.02

KEV

Exploits

cve.orgen

279 chars

A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in BasicAuthenticationFilter.java, BasicHeaderApiTokenAuthenticator.java that allows attackers to create ephemeral in-memory user records by attempting to log in using invalid credentials.

NVDen

279 chars

OSV.deven

279 chars

GHSAen

279 chars

NVDes

331 chars

Existe una vulnerabilidad de denegación de servicio (DoS) en Jenkins en versiones 2.137 y anteriores y 2.121.2 y anteriores en BasicAuthenticationFilter.java, BasicHeaderApiTokenAuthenticator.java que permite que los atacantes creen registros de usuario efímeros en la memoria intentando iniciar sesión con credenciales no válidas.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P
3.0	Primary	NVD	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.1	Secondary	GHSA	7.5	—	—	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H