An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS05dmc5LXgzOGctOWhmeM4AAdTh

Jenkins allows attackers to determine whether a user exists

The loadUserByUsername function in hudson/security/ in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to determine whether a user exists via vectors related to failed login attempts.

Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: about 2 months ago

Identifiers: GHSA-9vg9-x38g-9hfx, CVE-2014-2064
References: Repository:
Blast Radius: 1.0

Affected Packages

Affected Version Ranges: < 1.532.2, >= 1.533, < 1.551
Fixed in: 1.532.2, 1.551