CVE-2014-3663 — Incorrect Authorization in Jenkins

CWE-264 CWE-863 — Incorrect Authorization7 documents7 sources

Severity

6.0MEDIUMNVD

EPSS

0.1%

top 79.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Redhat Openshift

Timeline

PublishedOct 16

Latest updateMay 17

Description

Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/CONFIGURE permission to bypass intended restrictions and create or destroy arbitrary jobs via unspecified vectors.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 6.8 | Impact: 6.4

Affected Packages2 packages

▶NVDjenkins/jenkins1.565.2+1

▶NVDredhat/openshift3.1

🔴Vulnerability Details

OSV

Jenkins allows remote authenticated users to bypass intended restrictions and create or destroy arbitrary jobs↗2022-05-17

▶

GHSA

Jenkins allows remote authenticated users to bypass intended restrictions and create or destroy arbitrary jobs↗2022-05-17

▶

CVEList

CVE-2014-3663: Jenkins before 1↗2014-10-16

▶

📋Vendor Advisories

Red Hat

jenkins: job configuration issues (SECURITY-127, SECURITY-128)↗2014-10-02

▶

Jenkins

Jenkins Security Advisory 2014-10-01↗2014-10-01

▶

💬Community

Bugzilla

CVE-2014-3663 jenkins: job configuration issues (SECURITY-127, SECURITY-128)↗2014-09-30

▶