CVE-2016-3722: Permissions, Privileges, and Access Controls

May 17, 2016 (updated January 5, 2018)

Jenkins allows remote authenticated users with multiple accounts to cause a denial of service (unable to login) by editing the “full name”.

References

nvd.nist.gov/vuln/detail/CVE-2016-3722
wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
www.cloudbees.com/jenkins-security-advisory-2016-05-11

Detect and mitigate CVE-2016-3722 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →