CVE-2014-2061

EPSS 0.28%
Published 17.10.2014 15:55:05
Last modified 12.04.2025 10:46:40
Source security@debian.org
Teams watchlist Login
Open Login

The input control in PasswordParameterDefinition in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to obtain passwords by reading the HTML source code, related to the default value.

Affected products Warnungen 0 Metrics 2 CWE 0 References 6

Data is provided by the National Vulnerability Database (NVD)

Jenkins ≫ Jenkins SwEditionlts Version <= 1.532.1

Jenkins ≫ Jenkins Version <= 1.550

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.28%	0.516

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14

Vendor Advisory

http://www.openwall.com/lists/oss-security/2014/02/21/2

https://github.com/jenkinsci/jenkins/commit/bf539198564a1108b7b71a973bf7de963a6213ef

Patch

https://nvd.nist.gov/vuln/detail/CVE-2014-2061

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-2061

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-2061

EUVD