[java-sig-commits] [Bug 1576708] New: jenkins: Users were able to register user names containing control characters ( SECURITY-786)

Thursday, 10 May 2018

https://bugzilla.redhat.com/show_bug.cgi?id=1576708

            Bug ID: 1576708
           Summary: jenkins: Users were able to register user names
                    containing control characters (SECURITY-786)
           Product: Security Response
         Component: vulnerability
          Keywords: Security
          Severity: low
          Priority: low
          Assignee: security-response-team(a)redhat.com
          Reporter: amaris(a)redhat.com
                CC: ahardin(a)redhat.com, bleanhar(a)redhat.com,
                    ccoleman(a)redhat.com, dedgar(a)redhat.com,
                    dmcphers(a)redhat.com,
                    java-sig-commits(a)lists.fedoraproject.org,
                    jgoulding(a)redhat.com, jokerman(a)redhat.com,
                    kseifried(a)redhat.com, mchappel(a)redhat.com,
                    mizdebsk(a)redhat.com, msrb(a)redhat.com

The built-in Jenkins user database optionally allows user registration. This
feature did not properly sanitize user names, allowing registration of user
names containing control characters.

This could be used to confuse administrators (appearing to be a different user)
while preventing deletion of such users through the UI.

External References:

https://jenkins.io/security/advisory/2018-05-09/

-- 
You are receiving this mail because:
You are on the CC list for the bug.

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

[java-sig-commits] [Bug 1576708] New: jenkins: Users were able to register user names containing control characters ( SECURITY-786)