Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Jenkins Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability - CVE-2018-1000193 - Vulnerability Database
Jenkins

Jenkins Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability - CVE-2018-1000193

Medium
Reference: CVE-2018-1000193
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2018-1000193
Title: Jenkins Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
Overview:

A improper neutralization of control sequences vulnerability exists in Jenkins 2.120 and older LTS 2.107.2 and older in HudsonPrivateSecurityRealm.java that allows users to sign up using user names containing control characters that can then appear to have the same name as other users and cannot be deleted via the UI.