- EPSS 2.95%
- Veröffentlicht 17.10.2014 15:55:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
The loadUserByUsername function in hudson/security/HudsonPrivateSecurityRealm.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to determine whether a user exists via vectors related to failed login attempts.
CVE-2014-2065
- EPSS 1.77%
- Veröffentlicht 17.10.2014 15:55:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
Cross-site scripting (XSS) vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to inject arbitrary web script or HTML via the iconSize cookie.
CVE-2014-2066
- EPSS 2.06%
- Veröffentlicht 17.10.2014 15:55:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
Session fixation vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack web sessions via vectors involving the "override" of Jenkins cookies.
CVE-2014-2068
- EPSS 1.43%
- Veröffentlicht 17.10.2014 15:55:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
The doIndex function in hudson/util/RemotingDiagnostics.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users with the ADMINISTER permission to obtain sensitive information via vectors related to heapDump.
- EPSS 1.38%
- Veröffentlicht 16.10.2014 19:55:08
- Zuletzt bearbeitet 06.05.2026 22:30:45
Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/CONFIGURE permission to bypass intended restrictions and create or destroy arbitrary jobs via unspecified vectors.
CVE-2014-3666
- EPSS 3.65%
- Veröffentlicht 16.10.2014 19:55:08
- Zuletzt bearbeitet 06.05.2026 22:30:45
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel.
- EPSS 1.36%
- Veröffentlicht 16.10.2014 19:55:08
- Zuletzt bearbeitet 06.05.2026 22:30:45
Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information by reading the plugin code.
- EPSS 1.36%
- Veröffentlicht 16.10.2014 19:55:08
- Zuletzt bearbeitet 06.05.2026 22:30:45
Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/READ permission to obtain the default value for the password field of a parameterized job by reading the DOM.
- EPSS 1.8%
- Veröffentlicht 16.10.2014 19:55:07
- Zuletzt bearbeitet 06.05.2026 22:30:45
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to cause a denial of service (thread consumption) via vectors related to a CLI handshake.
- EPSS 1.74%
- Veröffentlicht 16.10.2014 19:55:07
- Zuletzt bearbeitet 06.05.2026 22:30:45
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to enumerate user names via vectors related to login attempts.