Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/READ permission to obtain the default value for the password field of a parameterized job by reading the DOM.
Max CVSS: 4.0; EPSS Score: 0.12%; Published: 2014-10-16; Updated: 2023-02-13
Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information by reading the plugin code.
Max CVSS: 4.0; EPSS Score: 0.12%; Published: 2014-10-16; Updated: 2023-02-13
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to enumerate user names via vectors related to login attempts.
Max CVSS: 5.0; EPSS Score: 0.30%; Published: 2014-10-16; Updated: 2023-02-13
The loadUserByUsername function in hudson/security/HudsonPrivateSecurityRealm.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to determine whether a user exists via vectors related to failed login attempts.
Max CVSS: 5.0; EPSS Score: 0.59%; Published: 2014-10-17; Updated: 2016-06-13
4 vulnerabilities found