https://bugzilla.redhat.com/show_bug.cgi?id=1576708
Bug ID: 1576708
Summary: jenkins: Users were able to register user names
containing control characters (SECURITY-786)
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team(a)redhat.com
Reporter: amaris(a)redhat.com
CC: ahardin(a)redhat.com, bleanhar(a)redhat.com,
ccoleman(a)redhat.com, dedgar(a)redhat.com,
dmcphers(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jgoulding(a)redhat.com, jokerman(a)redhat.com,
kseifried(a)redhat.com, mchappel(a)redhat.com,
mizdebsk(a)redhat.com, msrb(a)redhat.com

The built-in Jenkins user database optionally allows user registration. This
feature did not properly sanitize user names, allowing registration of user
names containing control characters.

This could be used to confuse administrators (appearing to be a different user)
while preventing deletion of such users through the UI.

External References:

https://jenkins.io/security/advisory/2018-05-09/
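
An added example (not code from Jenkins or from this report) of the check the description implies: refuse user IDs containing control characters at registration, and audit already-stored IDs for ones that would display as a different user. The function names and sample IDs are constructed for illustration; also treating Unicode format characters (category Cf) as hidden goes beyond what the report states.

```python
import unicodedata

# Unicode general categories treated as non-printing. "Cc" (control) is what
# the report describes; "Cf" (format: zero-width, bidi marks) is an added
# generalization with the same display-confusion effect.
CONTROL = {"Cc"}
INVISIBLE = {"Cc", "Cf"}

def hidden_chars(user_id, categories=INVISIBLE):
    """Return [(index, 'U+XXXX', category)] for each non-printing character."""
    return [(i, f"U+{ord(ch):04X}", unicodedata.category(ch))
            for i, ch in enumerate(user_id)
            if unicodedata.category(ch) in categories]

def visible_form(user_id, categories=INVISIBLE):
    """What a UI is likely to show: the ID with hidden characters dropped."""
    return "".join(ch for ch in user_id
                   if unicodedata.category(ch) not in categories)

def is_acceptable(user_id, categories=INVISIBLE):
    """Registration-time check: non-empty and free of non-printing characters."""
    return bool(user_id) and not hidden_chars(user_id, categories)

def audit(user_ids, categories=INVISIBLE):
    """Flag stored IDs with hidden characters; name the clean ID each imitates."""
    clean = {u for u in user_ids if not hidden_chars(u, categories)}
    findings = []
    for u in user_ids:
        hits = hidden_chars(u, categories)
        if hits:
            shown = visible_form(u, categories)
            findings.append({
                # Escaped form is safe to print in a terminal or ticket.
                "id_escaped": u.encode("unicode_escape").decode("ascii"),
                "hidden": hits,
                "imitates": shown if shown in clean else None,
            })
    return findings

# Constructed sample data, not taken from any real instance.
SAMPLE_IDS = ["admin", "alice", "admin\x00", "ali\u200bce", "bob\x7f", "carol"]

if __name__ == "__main__":
    for finding in audit(SAMPLE_IDS):
        print(finding)
```

Passing `categories=CONTROL` restricts the check to the control characters named in the report.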