CVE-2018-1999043 - log

CVE-2018-1999043 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Access restriction bypass
Description
+ A security issue has been found in Jenkins versions prior to 2.146. When attempting to authenticate using an API token, an ephemeral user record was created to validate the token in case an external security realm was used and the user record in Jenkins had not previously been saved, as (legacy) API tokens could exist without a persisted user record.
+ This behavior could be abused to create a large number of ephemeral user records in memory.
References
+ https://jenkins.io/security/advisory/2018-10-10/
Notes