CVE-2018-1999043

Severity: Medium
Remote: Yes
Type: Access restriction bypass
A security issue has been found in Jenkins versions prior to 2.146. When attempting to authenticate using an API token, an ephemeral user record was created to validate the token in case an external security realm was used and the user record in Jenkins had not previously been saved, as (legacy) API tokens could exist without a persisted user record.
This behavior could be abused to create a large number of ephemeral user records in memory.
Group    Package  Affected  Fixed    Severity  Status  Ticket
AVG-778  jenkins  2.145-1   2.146-1  Medium    Fixed