CVE-2014-3661 — Uncontrolled Resource Consumption in Jenkins

CWE-399 CWE-400 — Uncontrolled Resource Consumption7 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

0.2%

top 63.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Redhat Openshift

Timeline

PublishedOct 16

Latest updateMay 17

Description

Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to cause a denial of service (thread consumption) via vectors related to a CLI handshake.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDjenkins/jenkins1.582+1

▶NVDredhat/openshift3.1

🔴Vulnerability Details

GHSA

Jenkins Denial of Service vulnerability↗2022-05-17

▶

OSV

Jenkins Denial of Service vulnerability↗2022-05-17

▶

CVEList

CVE-2014-3661: Jenkins before 1↗2014-10-16

▶

📋Vendor Advisories

Red Hat

jenkins: denial of service (SECURITY-87)↗2014-10-02

▶

Jenkins

Jenkins Security Advisory 2014-10-01↗2014-10-01

▶

💬Community

Bugzilla

CVE-2014-3661 jenkins: denial of service (SECURITY-87)↗2014-09-30

▶