[java-sig-commits] [Bug 1335416] New: CVE-2016-3722 jenkins: Malicious users with multiple user accounts can prevent other users from logging in (SECURITY-243)

12 May 2016


      https://bugzilla.redhat.com/show_bug.cgi?id=1335416
Bug ID: 1335416
           Summary: CVE-2016-3722 jenkins: Malicious users with multiple
                    user accounts can prevent other users from logging in
                    (SECURITY-243)
           Product: Security Response
         Component: vulnerability
          Keywords: Security
          Severity: low
          Priority: low
          Assignee: security-response-team@redhat.com
          Reporter: anemec@redhat.com
                CC: abhgupta@redhat.com, bleanhar@redhat.com,
                    ccoleman@redhat.com, dmcphers@redhat.com,
                    java-sig-commits@lists.fedoraproject.org,
                    jialiu@redhat.com, jkeck@redhat.com,
                    joelsmith@redhat.com, jokerman@redhat.com,
                    kseifried@redhat.com, lmeyer@redhat.com,
                    mizdebsk@redhat.com, mmccomas@redhat.com,
                    msrb@redhat.com, tdawson@redhat.com,
                    tiwillia@redhat.com
The following flaw was found in Jenkins:
By changing the freely editable 'full name', malicious users with multiple user
accounts could prevent other users from logging in, as 'full name' was resolved
before actual user name to determine which account is currently trying to log
in.
External References:
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-...
-- 
You are receiving this mail because:
You are on the CC list for the bug.

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

[java-sig-commits] [Bug 1335416] New: CVE-2016-3722 jenkins: Malicious users with multiple user accounts can prevent other users from logging in (SECURITY-243)