Allele Security Alert
ASA-2018-00087, CVE-2018-1000863, SECURITY-1072
Forced migration of user records
Jenkins LTS 2.138.4 or 2.150.1
Proof of concept
The fix for SECURITY-499 introduced a mechanism that renamed user directories on disk as a user with an unsafe user name (user ID) is loaded. Insufficient input validation allowed attackers to rename such user directories even for users with a safe user name by submitting a crafted user name when attempting to log in, even with an invalid password. Doing so prevented users from logging in successfully afterwards.
Nimrod Stoler (CyberArk Labs) and Evan Grant (Tenable)
Jenkins Security Advisory 2018-12-05
CloudBees Security Advisory 2018-12-05
[SECURITY-1072] Make ApiTokenStats work
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: March 6, 2019