Ecosyste.ms: Advisories

Security Advisories: GSA_kwCzR0hTQS1meHFyLXB4Mm0tZnZjMs4AAdTV

Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability

Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to enumerate user names via vectors related to login attempts.

Permalink: https://github.com/advisories/GHSA-fxqr-px2m-fvc2
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1meHFyLXB4Mm0tZnZjMs4AAdTV
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: about 1 year ago

Identifiers: GHSA-fxqr-px2m-fvc2, CVE-2014-3662
References:

• https://nvd.nist.gov/vuln/detail/CVE-2014-3662
• https://access.redhat.com/errata/RHSA-2016:0070
• https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
• https://access.redhat.com/errata/RHBA-2014:1630
• https://access.redhat.com/security/cve/CVE-2014-3662
• https://bugzilla.redhat.com/show_bug.cgi?id=1147759
• https://github.com/advisories/GHSA-fxqr-px2m-fvc2

Blast Radius: 1.0

Affected Packages