CVE-2016-3722

MEDIUM

Jenkins <2.3, LTS <1.651.2 - DoS

Title source: llm

Description

Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with multiple accounts to cause a denial of service (unable to login) by editing the "full name."

References (4)

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2016-1773.html

[Vendor Advisory] https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11

[Vendor Advisory] https://www.cloudbees.com/jenkins-security-advisory-2016-05-11

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2016:1206

Scores

CVSS v3 4.3

EPSS 0.0020

EPSS Percentile 41.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Classification

CWE

CWE-264

Status draft

Affected Products (5)

jenkins/jenkins < 1.651.1

redhat/openshift

jenkins/jenkins < 2.2

org.jenkins-ci.main/jenkins-core < 2.3Maven

Timeline

Published May 17, 2016

Tracked Since Feb 18, 2026