Candidate: CVE-2018-1999043
PublicDate: 2018-08-23 18:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1999043
 https://jenkins.io/security/advisory/2018-08-15/#SECURITY-637
Description:
 A denial of service vulnerability exists in Jenkins 2.137 and earlier,
 2.121.2 and earlier in BasicAuthenticationFilter.java,
 BasicHeaderApiTokenAuthenticator.java that allows attackers to create
 ephemeral in-memory user records by attempting to log in using invalid
 credentials.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]


Patches_jenkins:
upstream_jenkins: needs-triage
precise/esm_jenkins: DNE
trusty_jenkins: DNE
trusty/esm_jenkins: DNE
xenial_jenkins: DNE
bionic_jenkins: DNE
devel_jenkins: DNE