CVE-2014-3662

{"result": {"openvas": [{"id": "OPENVAS:1361412562310807013", "type": "openvas", "title": "CloudBees Jenkins Multiple Vulnerabilities -02 December15", "description": "This host is installed with CloudBees\n Jenkins and is prone to multiple vulnerabilities.", "published": "2015-12-21T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807013", "cvelist": ["CVE-2014-3666", "CVE-2014-3680", "CVE-2014-3667", "CVE-2014-3661", "CVE-2014-3663", "CVE-2014-3662"], "lastseen": "2017-07-12T10:53:21"}, {"id": "OPENVAS:1361412562310808268", "type": "openvas", "title": "CloudBees Jenkins Multiple Vulnerabilities -02 August16 (Linux)", "description": "This host is installed with CloudBees\n Jenkins and is prone to multiple vulnerabilities.", "published": "2016-08-05T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808268", "cvelist": ["CVE-2014-3666", "CVE-2014-3680", "CVE-2014-3667", "CVE-2014-3661", "CVE-2014-3663", "CVE-2014-3662"], "lastseen": "2017-07-02T21:12:39"}], "nessus": [{"id": "JENKINS_1_583.NASL", "type": "nessus", "title": "Jenkins < 1.583 / 1.565.3 and Jenkins Enterprise 1.532.x / 1.554.x / 1.565.x < 1.532.10.1 / 1.554.10.1 / 1.565.3.1 Multiple Vulnerabilities", "description": "The remote web server hosts a version of Jenkins (open source) or CloudBees Jenkins Enterprise that is affected by multiple vulnerabilities :\n\n - An error exists related to file upload processing that allows a remote attacker to overwrite arbitrary files.\n (CVE-2013-2186)\n\n - An input validation error exists related to the included 'ZeroClipboard' component that allows cross-site scripting attacks. (CVE-2014-1869)\n\n - An error exists related to 'CLI handshake' handling that allows denial of service attacks. (CVE-2014-3661)\n\n - An error exists related to handling login attempts using non-existent or incorrect account names that allows a remote attacker to enumerate application user names.\n (CVE-2014-3662)\n\n - An error exists related to handling users having 'Job/CONFIGURE' permissions that allows such users to perform actions meant only for 'Job/CREATE' permissions.\n (CVE-2014-3663)\n\n - An error exists related to handling users having 'Overall/READ' permissions that allows directory traversal attacks. (CVE-2014-3664)\n\n - An error exists related to the 'CLI channel' that allows arbitrary code execution by a remote attacker on the Jenkins master. (CVE-2014-3666)\n\n - An error exists related to handling users having 'Overall/READ' permissions that allows plugin source code to be disclosed. (CVE-2014-3667)\n\n - An input validation error exists related to the 'Monitoring' plugin that allows cross-site scripting attacks. (CVE-2014-3678)\n\n - An error exists related to the 'Monitoring' plugin that allows unauthorized access to sensitive information.\n (CVE-2014-3679)\n\n - An error exists related to handling users having 'Job/READ' permissions that allows such users to obtain default passwords belonging to parameterized jobs. (CVE-2014-3680)\n\n - An unspecified input validation error allows cross-site scripting attacks. (CVE-2014-3681)", "published": "2014-11-04T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=78859", "cvelist": ["CVE-2014-3666", "CVE-2014-3680", "CVE-2014-3667", "CVE-2014-1869", "CVE-2014-3661", "CVE-2014-3678", "CVE-2014-3681", "CVE-2014-3679", "CVE-2013-2186", "CVE-2014-3663", "CVE-2014-3664", "CVE-2014-3662"], "lastseen": "2016-11-24T09:24:37"}, {"id": "FREEBSD_PKG_549A277149CC11E4AE2CC80AA9043978.NASL", "type": "nessus", "title": "FreeBSD : jenkins -- remote execution, privilege escalation, XSS, password exposure, ACL hole, DoS (549a2771-49cc-11e4-ae2c-c80aa9043978)", "description": "Jenkins Security Advisory : DescriptionSECURITY-87/CVE-2014-3661 (anonymous DoS attack through CLI handshake) This vulnerability allows unauthenticated users with access to Jenkins' HTTP/HTTPS port to mount a DoS attack on Jenkins through thread exhaustion.\nSECURITY-110/CVE-2014-3662 (User name discovery) Anonymous users can test if the user of a specific name exists or not through login attempts. SECURITY-127&128/CVE-2014-3663 (privilege escalation in job configuration permission) An user with a permission limited to Job/CONFIGURE can exploit this vulnerability to effectively create a new job, which should have been only possible for users with Job/CREATE permission, or to destroy jobs that he/she does not have access otherwise. SECURITY-131/CVE-2014-3664 (directory traversal attack) Users with Overall/READ permission can access arbitrary files in the file system readable by the Jenkins process, resulting in the exposure of sensitive information, such as encryption keys.\nSECURITY-138/CVE-2014-3680 (Password exposure in DOM) If a parameterized job has a default value in a password field, that default value gets exposed to users with Job/READ permission.\n\nSECURITY-143/CVE-2014-3681 (XSS vulnerability in Jenkins core) Reflected cross-site scripting vulnerability in Jenkins core. An attacker can navigate the user to a carefully crafted URL and have the user execute unintended actions. SECURITY-150/CVE-2014-3666 (remote code execution from CLI) Unauthenticated user can execute arbitrary code on Jenkins master by sending carefully crafted packets over the CLI channel. SECURITY-155/CVE-2014-3667 (exposure of plugin code) Programs that constitute plugins can be downloaded by anyone with the Overall/READ permission, resulting in the exposure of otherwise sensitive information, such as hard-coded keys in plugins, if any.\nSECURITY-159/CVE-2013-2186 (arbitrary file system write) Security vulnerability in commons fileupload allows unauthenticated attacker to upload arbitrary files to Jenkins master. SECURITY-149/CVE-2014-1869 (XSS vulnerabilities in ZeroClipboard) reflective XSS vulnerability in one of the library dependencies of Jenkins. SECURITY-113/CVE-2014-3678 (XSS vulnerabilities in monitoring plugin) Monitoring plugin allows an attacker to cause a victim into executing unwanted actions on Jenkins instance. SECURITY-113/CVE-2014-3679 (hole in access control) Certain pages in monitoring plugin are visible to anonymous users, allowing them to gain information that they are not supposed to.\n\nSeverity SECURITY-87 is rated medium, as it results in the loss of functionality.\n\nSECURITY-110 is rated medium, as it results in a limited amount of information exposure.\n\nSECURITY-127 and SECURITY-128 are rated high. The former can be used to further escalate privileges, and the latter results in loss of data.\n\nSECURITY-131 and SECURITY-138 is rated critical. This vulnerabilities results in exposure of sensitie information and is easily exploitable.\n\nSECURITY-143 is rated high. It is a passive attack, but it can result in a compromise of Jenkins master or loss of data.\n\nSECURITY-150 is rated critical. This attack can be mounted by any unauthenticated anonymous user with HTTP reachability to Jenkins instance, and results in remote code execution on Jenkins.\n\nSECURITY-155 is rated medium. This only affects users who have installed proprietary plugins on publicly accessible instances, which is relatively uncommon.\n\nSECURITY-159 is rated critical. This attack can be mounted by any unauthenticated anonymous user with HTTP reachability to Jenkins instance.\n\nSECURITY-113 is rated high. It is a passive attack, but it can result in a compromise of Jenkins master or loss of data.", "published": "2014-10-02T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=78017", "cvelist": ["CVE-2014-3666", "CVE-2014-3680", "CVE-2014-3667", "CVE-2014-1869", "CVE-2014-3661", "CVE-2014-3678", "CVE-2014-3681", "CVE-2014-3679", "CVE-2013-2186", "CVE-2014-3663", "CVE-2014-3664", "CVE-2014-3662"], "lastseen": "2017-07-05T21:45:51"}], "freebsd": [{"id": "549A2771-49CC-11E4-AE2C-C80AA9043978", "type": "freebsd", "title": "jenkins -- remote execution, privilege escalation, XSS, password exposure, ACL hole, DoS", "description": "\nJenkins Security Advisory:\n\nDescription\nSECURITY-87/CVE-2014-3661 (anonymous DoS attack through CLI\n\t handshake)\nThis vulnerability allows unauthenticated users\n\t with access to Jenkins' HTTP/HTTPS port to mount a DoS attack on\n\t Jenkins through thread exhaustion.\nSECURITY-110/CVE-2014-3662 (User name discovery)\nAnonymous users can test if the user of a specific name exists or\n\t not through login attempts.\nSECURITY-127&128/CVE-2014-3663 (privilege escalation in job\n\t configuration permission)\nAn user with a permission limited\n\t to Job/CONFIGURE can exploit this vulnerability to effectively\n\t create a new job, which should have been only possible for users\n\t with Job/CREATE permission, or to destroy jobs that he/she does not\n\t have access otherwise.\nSECURITY-131/CVE-2014-3664 (directory traversal attack)\nUsers with Overall/READ permission can access arbitrary files in\n\t the file system readable by the Jenkins process, resulting in the\n\t exposure of sensitive information, such as encryption keys.\nSECURITY-138/CVE-2014-3680 (Password exposure in DOM)\nIf a parameterized job has a default value in a password field,\n\t that default value gets exposed to users with Job/READ permission.\n\t \nSECURITY-143/CVE-2014-3681 (XSS vulnerability in Jenkins\n\t core)\nReflected cross-site scripting vulnerability in Jenkins\n\t core. An attacker can navigate the user to a carefully crafted URL\n\t and have the user execute unintended actions.\nSECURITY-150/CVE-2014-3666 (remote code execution from CLI)\nUnauthenticated user can execute arbitrary code on Jenkins master\n\t by sending carefully crafted packets over the CLI channel.\nSECURITY-155/CVE-2014-3667 (exposure of plugin code)\nPrograms that constitute plugins can be downloaded by anyone with\n\t the Overall/READ permission, resulting in the exposure of otherwise\n\t sensitive information, such as hard-coded keys in plugins, if\n\t any.\nSECURITY-159/CVE-2013-2186 (arbitrary file system write)\nSecurity vulnerability in commons fileupload allows\n\t unauthenticated attacker to upload arbitrary files to Jenkins\n\t master.\nSECURITY-149/CVE-2014-1869 (XSS vulnerabilities in\n\t ZeroClipboard)\nreflective XSS vulnerability in one of the\n\t library dependencies of Jenkins.\nSECURITY-113/CVE-2014-3678 (XSS vulnerabilities in monitoring\n\t plugin) Monitoring plugin allows an attacker to cause a\n\t victim into executing unwanted actions on Jenkins instance.\nSECURITY-113/CVE-2014-3679 (hole in access control)\nCertain pages in monitoring plugin are visible to anonymous users,\n\t allowing them to gain information that they are not supposed to.\n\t \nSeverity\nSECURITY-87 is rated medium, as it results in the\n\t loss of functionality.\nSECURITY-110 is rated medium, as it results in a\n\t limited amount of information exposure.\nSECURITY-127 and SECURITY-128 are rated high. The\n\t former can be used to further escalate privileges, and the latter\n\t results in loss of data.\nSECURITY-131 and SECURITY-138 is rated critical.\n\t This vulnerabilities results in exposure of sensitie information\n\t and is easily exploitable.\nSECURITY-143 is rated high. It is a passive\n\t attack, but it can result in a compromise of Jenkins master or loss\n\t of data.\nSECURITY-150 is rated critical. This attack can\n\t be mounted by any unauthenticated anonymous user with HTTP\n\t reachability to Jenkins instance, and results in remote code\n\t execution on Jenkins.\nSECURITY-155 is rated medium. This only affects\n\t users who have installed proprietary plugins on publicly accessible\n\t instances, which is relatively uncommon.\nSECURITY-159 is rated critical. This attack can\n\t be mounted by any unauthenticated anonymous user with HTTP\n\t reachability to Jenkins instance.\nSECURITY-113 is rated high. It is a passive\n\t attack, but it can result in a compromise of Jenkins master or loss\n\t of data.\n\n", "published": "2014-10-01T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vuxml.freebsd.org/freebsd/549a2771-49cc-11e4-ae2c-c80aa9043978.html", "cvelist": ["CVE-2014-3666", "CVE-2014-3680", "CVE-2014-3667", "CVE-2014-1869", "CVE-2014-3661", "CVE-2014-3678", "CVE-2014-3681", "CVE-2014-3679", "CVE-2013-2186", "CVE-2014-3663", "CVE-2014-3664", "CVE-2014-3662"], "lastseen": "2017-07-04T22:15:49"}], "archlinux": [{"id": "ASA-201410-2", "type": "archlinux", "title": "jenkins: multiple issues", "description": "- SECURITY-87/CVE-2014-3661 (anonymous DoS attack through CLI handshake)\nThis vulnerability allows unauthenticated users with access to Jenkins'\nHTTP/HTTPS port to mount a DoS attack on Jenkins through thread exhaustion.\n\n- SECURITY-110/CVE-2014-3662 (User name discovery)\nAnonymous users can test if the user of a specific name exists or not\nthrough login attempts.\n\n- SECURITY-127&128/CVE-2014-3663 (privilege escalation in job\nconfiguration permission)\nAn user with a permission limited to Job/CONFIGURE can exploit this\nvulnerability to effectively create a new job, which should have been\nonly possible for users with Job/CREATE permission, or to destroy jobs\nthat he/she does not have access otherwise.\n\n- SECURITY-131/CVE-2014-3664 (directory traversal attack)\nUsers with Overall/READ permission can access arbitrary files in the\nfile system readable by the Jenkins process, resulting in the exposure\nof sensitive information, such as encryption keys.\n\n- SECURITY-138/CVE-2014-3680 (Password exposure in DOM)\nIf a parameterized job has a default value in a password field, that\ndefault value gets exposed to users with Job/READ permission.\n\n- SECURITY-143/CVE-2014-3681 (XSS vulnerability in Jenkins core)\nReflected cross-site scripting vulnerability in Jenkins core. An\nattacker can navigate the user to a carefully crafted URL and have the\nuser execute unintended actions.\n\n- SECURITY-150/CVE-2014-3666 (remote code execution from CLI)\nUnauthenticated user can execute arbitrary code on Jenkins master by\nsending carefully crafted packets over the CLI channel.\n\n- SECURITY-155/CVE-2014-3667 (exposure of plugin code)\nPrograms that constitute plugins can be downloaded by anyone with the\nOverall/READ permission, resulting in the exposure of otherwise\nsensitive information, such as hard-coded keys in plugins, if any.\n\n- SECURITY-159/CVE-2013-2186 (arbitrary file system write)\nSecurity vulnerability in commons fileupload allows unauthenticated\nattacker to upload arbitrary files to Jenkins master.\n\n- SECURITY-149/CVE-2014-1869 (XSS vulnerabilities in ZeroClipboard)\nreflective XSS vulnerability in one of the library dependencies of Jenkins.\n\n- SECURITY-113/CVE-2014-3678 (XSS vulnerabilities in monitoring plugin)\nMonitoring plugin allows an attacker to cause a victim into executing\nunwanted actions on Jenkins instance.\n\n- SECURITY-113/CVE-2014-3679 (hole in access control)\nCertain pages in monitoring plugin are visible to anonymous users,\nallowing them to gain information that they are not supposed to.", "published": "2014-10-02T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://lists.archlinux.org/pipermail/arch-security/2014-October/000113.html", "cvelist": ["CVE-2014-3666", "CVE-2014-3680", "CVE-2014-3667", "CVE-2014-1869", "CVE-2014-3661", "CVE-2014-3678", "CVE-2014-3681", "CVE-2014-3679", "CVE-2013-2186", "CVE-2014-3663", "CVE-2014-3664", "CVE-2014-3662"], "lastseen": "2016-09-02T18:44:35"}], "redhat": [{"id": "RHSA-2016:0070", "type": "redhat", "title": "(RHSA-2016:0070) Important: Red Hat OpenShift Enterprise 3.1.1 bug fix and enhancement update", "description": "OpenShift Enterprise by Red Hat is the company's cloud computing \nPlatform-as-a-Service (PaaS) solution designed for on-premise or \nprivate cloud deployments.\n\nThe following security issues are addressed with this release:\n\nAn authorization flaw was discovered in Kubernetes; the API server \ndid not properly check user permissions when handling certain \nrequests. An authenticated remote attacker could use this flaw to \ngain additional access to resources such as RAM and disk space. \n(CVE-2016-1905)\n\nAn authorization flaw was discovered in Kubernetes; the API server \ndid not properly check user permissions when handling certain build-\nconfiguration strategies. A remote attacker could create build \nconfigurations with strategies that violate policy. Although the \nattacker could not launch the build themselves (launch fails when \nthe policy is violated), if the build configuration files were later \nlaunched by other privileged services (such as automated triggers), \nuser privileges could be bypassed allowing attacker escalation. \n(CVE-2016-1906)\n\nAn update for Jenkins Continuous Integration Server that addresses a \nlarge number of security issues including XSS, CSRF, information \ndisclosure and code execution have been addressed as well. \n(CVE-2013-2186, CVE-2014-1869, CVE-2014-3661, CVE-2014-3662\nCVE-2014-3663, CVE-2014-3664, CVE-2014-3666, CVE-2014-3667\nCVE-2014-3680, CVE-2014-3681, CVE-2015-1806, CVE-2015-1807\nCVE-2015-1808, CVE-2015-1810, CVE-2015-1812, CVE-2015-1813\nCVE-2015-1814, CVE-2015-5317, CVE-2015-5318, CVE-2015-5319\nCVE-2015-5320, CVE-2015-5321, CVE-2015-5322, CVE-2015-5323\nCVE-2015-5324, CVE-2015-5325, CVE-2015-5326 ,CVE-2015-7537\nCVE-2015-7538, CVE-2015-7539, CVE-2015-8103)\n\nSpace precludes documenting all of the bug fixes and enhancements in \nthis advisory. See the OpenShift Enterprise 3.1 Release Notes, which \nwill be updated shortly for release 3.1.1, for details about these \nchanges:\n\nhttps://docs.openshift.com/enterprise/3.1/release_notes/ose_3_1_release_notes.html\n\nAll OpenShift Enterprise 3 users are advised to upgrade to these \nupdated packages.", "published": "2016-01-27T00:01:15", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2016:0070", "cvelist": ["CVE-2014-3666", "CVE-2014-3680", "CVE-2014-3667", "CVE-2015-5323", "CVE-2016-1906", "CVE-2015-1814", "CVE-2015-1806", "CVE-2015-1812", "CVE-2015-1808", "CVE-2015-7537", "CVE-2014-1869", "CVE-2014-3661", "CVE-2014-3681", "CVE-2015-7539", "CVE-2015-1810", "CVE-2015-7538", "CVE-2013-2186", "CVE-2015-5324", "CVE-2015-5319", "CVE-2015-1807", "CVE-2014-3663", "CVE-2015-5322", "CVE-2015-5317", "CVE-2015-5321", "CVE-2015-5320", "CVE-2015-5318", "CVE-2015-5326", "CVE-2016-1905", "CVE-2015-1813", "CVE-2015-5325", "CVE-2014-3664", "CVE-2015-8103", "CVE-2014-3662"], "lastseen": "2016-09-04T11:17:42"}]}}