Home

CVE-2018-1000193

Description

A improper neutralization of control sequences vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in HudsonPrivateSecurityRealm.java that allows users to sign up using user names containing control characters that can then appear to have the same name as other users, and cannot be deleted via the UI.

Risk Information

Base Score
4.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
EPSS Score
Exploitation Probability
0.759

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities affected in Jenkins 2.120Windows
Vulnerabilities CVE-2018-1000192,CVE-2018-1000193,CVE-2018-1000194,CVE-2018-1000195 are fixed in Jenkins-Core 2.107.3Windows
Vulnerabilities CVE-2018-1000192,CVE-2018-1000193,CVE-2018-1000194,CVE-2018-1000195 are fixed in Jenkins-Core 2.121Windows
Multiple vulnerabilities affected in Jenkins 2.120 (For Ubuntu)Linux
Multiple vulnerabilities affected in Jenkins 2.120 (For Debian)Linux
Multiple vulnerabilities affected in Jenkins 2.120 (For Centos)Linux
Multiple vulnerabilities affected in Jenkins 2.120 (For RedHat)Linux
Multiple vulnerabilities affected in Jenkins 2.120 (For Suse)Linux
Vulnerabilities CVE-2018-1000192,CVE-2018-1000193,CVE-2018-1000194,CVE-2018-1000195 are fixed in Jenkins-Core for Linux 2.107.3Linux
Vulnerabilities CVE-2018-1000192,CVE-2018-1000193,CVE-2018-1000194,CVE-2018-1000195 are fixed in Jenkins-Core for Linux 2.121Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234