High severity8.2NVD Advisory· Published Dec 10, 2018· Updated Jun 17, 2026
CVE-2018-1000863
CVE-2018-1000863
Description
A data modification vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in User.java, IdStrategy.java that allows attackers to submit crafted user names that can cause an improper migration of user record storage formats, potentially preventing the victim from logging into Jenkins.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jenkins-ci.main:jenkins-coreMaven | < 2.138.4 | 2.138.4 |
org.jenkins-ci.main:jenkins-coreMaven | >= 2.140, < 2.154 | 2.154 |
Affected products
1Patches
Vulnerability mechanics
References
8- www.tenable.com/security/research/tra-2018-43nvdExploitThird Party AdvisoryWEB
- www.securityfocus.com/bid/106176nvdThird Party AdvisoryVDB EntryWEB
- access.redhat.com/errata/RHBA-2019:0024nvdThird Party AdvisoryWEB
- github.com/advisories/GHSA-4jhm-5f7g-75fpghsaADVISORY
- jenkins.io/security/advisory/2018-12-05/nvdVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2018-1000863ghsaADVISORY
- github.com/jenkinsci/jenkins/commit/4ed66e5838476e575a83c3cd13fffb37eefa2f48ghsaWEB
- github.com/jenkinsci/jenkins/commit/7bae6dd6ef23af988801d38dc0f8f693bc6283f8ghsaWEB
News mentions
0No linked articles in our index yet.