2018-05-15 22:00:00
redhat
PUBLISHED
jenkins before versions 2.44, 2.32.2 is vulnerable to a user creation CSRF using GET by admins. While this user record was only retained until restart in most cases, administrators web browsers could be manipulated to create a large number of user records (SECURITY-406).