Lucene search

GitHub Advisory DatabaseGHSA-PV88-J6RG-R56P

HistoryMay 17, 2022 - 3:53 a.m.

Jenkins allows attackers to obtain sensitive information

2022-05-1703:53:42

GitHub Advisory Database

github.com

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

6.1 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

47.5%

JSON

The doIndex function in hudson/util/RemotingDiagnostics.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users with the ADMINISTER permission to obtain sensitive information via vectors related to heapDump.

Affected configurations

Vulners

Node

org.jenkins-ci.main\Matchjenkins-core

CPENameOperatorVersion
org.jenkins-ci.main:jenkins-corelt1.532.2
org.jenkins-ci.main:jenkins-corelt1.551

CPE	Name	Operator	Version
	org.jenkins-ci.main:jenkins-core	lt	1.532.2
	org.jenkins-ci.main:jenkins-core	lt	1.551

References

www.openwall.com/lists/oss-security/2014/02/21/2

github.com/advisories/GHSA-pv88-j6rg-r56p

github.com/jenkinsci/jenkins/commit/0530a6645aac10fec005614211660e98db44b5eb

nvd.nist.gov/vuln/detail/CVE-2014-2068

wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

6.1 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

47.5%

JSON

Related for GHSA-PV88-J6RG-R56P