CVE-2014-3680 — Sensitive Information Exposure in Jenkins

CWE-200 — Sensitive Information Exposure7 documents7 sources

Severity

4.0MEDIUMNVD

EPSS

0.1%

top 77.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Redhat Openshift

Timeline

PublishedOct 16

Latest updateMay 17

Description

Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/READ permission to obtain the default value for the password field of a parameterized job by reading the DOM.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages2 packages

▶NVDjenkins/jenkins1.565.2+1

▶NVDredhat/openshift3.1

🔴Vulnerability Details

OSV

Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability↗2022-05-17

▶

GHSA

Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability↗2022-05-17

▶

CVEList

CVE-2014-3680: Jenkins before 1↗2014-10-16

▶

📋Vendor Advisories

Red Hat

jenkins: password exposure in DOM (SECURITY-138)↗2014-10-02

▶

Jenkins

Jenkins Security Advisory 2014-10-01↗2014-10-01

▶

💬Community

Bugzilla

CVE-2014-3680 jenkins: password exposure in DOM (SECURITY-138)↗2014-10-02

▶