CVE-2016-3722 — Incorrect Authorization in Jenkins

CWE-264 CWE-863 — Incorrect Authorization8 documents7 sources

Severity

4.3MEDIUMNVD

EPSS

0.2%

top 58.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Redhat Openshift

Timeline

PublishedMay 17

Latest updateMay 14

Description

Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with multiple accounts to cause a denial of service (unable to login) by editing the "full name."

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶NVDjenkins/jenkins1.651.1+1

▶NVDredhat/openshift3.1, 3.2+1

🔴Vulnerability Details

OSV

Incorrect Authorization in Jenkins Core↗2022-05-14

▶

GHSA

Incorrect Authorization in Jenkins Core↗2022-05-14

▶

CVEList

CVE-2016-3722: Jenkins before 2↗2016-05-17

▶

📋Vendor Advisories

Red Hat

jenkins: Malicious users with multiple user accounts can prevent other users from logging in (SECURITY-243)↗2016-05-11

▶

Jenkins

Jenkins Security Advisory 2016-05-11↗2016-05-11

▶

💬Community

Bugzilla

CVE-2016-3722 jenkins: Malicious users with multiple user accounts can prevent other users from logging in (SECURITY-243)↗2016-05-12

▶

Bugzilla

CVE-2016-3721 CVE-2016-3722 CVE-2016-3723 CVE-2016-3724 CVE-2016-3725 CVE-2016-3726 CVE-2016-3727 jenkins: various flaws [fedora-all]↗2016-05-12

▶