Jenkins User Registration Form Detected

medium Web App Scanning Plugin ID 114967

Synopsis

Jenkins User Registration Form Detected

Description

Jenkins is an open-source automation server used to automate various aspects of software development, including building, testing, and deploying applications. An internal-only Jenkins instance may be misconfigured to allow user registration, which could let attackers create accounts and gain unauthorized access to the Jenkins instance and its resources.

Solution

Review the scope of the Jenkins instance. If the detected instance is intended for internal users only, disable the user registration feature.

See Also

https://www.jenkins.io/doc/book/security/

https://www.jenkins.io/doc/book/security/access-control/disable/

Plugin Details

Severity: Medium

ID: 114967

Type: remote

Published: 9/23/2025

Updated: 9/23/2025

Scan Template: basic, full, pci, scan

Risk Information

VPR

Risk Factor: Low

Score: 2.9

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: Tenable

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS Score Source: Tenable

CVSS v4

Risk Factor: Medium

Base Score: 6.9

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

CVSS Score Source: Tenable

Vulnerability Information

CPE: cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*

Reference Information