CVE-2014-3662Sensitive Information Exposure in Jenkins

CWE-200Sensitive Information Exposure7 documents7 sources
Severity
5.0MEDIUMNVD
EPSS
0.1%
top 71.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
JenkinsRedhat Openshift
Timeline
PublishedOct 16
Latest updateMay 17

Description

Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to enumerate user names via vectors related to login attempts.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

NVDjenkins/jenkins1.582+1

🔴Vulnerability Details

3
OSV
Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability2022-05-17
GHSA
Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability2022-05-17
CVEList
CVE-2014-3662: Jenkins before 12014-10-16

📋Vendor Advisories

2
Red Hat
jenkins: username discovery (SECURITY-110)2014-10-02
Jenkins
Jenkins Security Advisory 2014-10-012014-10-01

💬Community

1
Bugzilla
CVE-2014-3662 jenkins: username discovery (SECURITY-110)2014-09-30
CVE-2014-3662 — Sensitive Information Exposure | cvebase