Candidate: CVE-2017-2613
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2613
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2017-02-01
Jenkins before versions 2.44, 2.32.2 is vulnerable to a user creation CSRF
using GET by admins. While this user record was only retained until restart
in most cases, administrators' web browsers could be manipulated to create
a large number of user records (SECURITY-406).
Accessing these URLs no longer results in a user record getting
created; Jenkins will respond with 404 Not Found if no such user
exists. When using the internal Jenkins user database, new users can
be created via Manage Jenkins » Manage Users.
Discovered-by: Jean Marsault
upstream_jenkins: released (2.44, 2.32.2)
precise_jenkins: ignored (reached end-of-life)
precise/esm_jenkins: DNE (precise was needed)
vivid/stable-phone-overlay_jenkins: DNE
vivid/ubuntu-core_jenkins: DNE