jenkins: job configuration issues (SECURITY-127, SECURITY-128)

🗓️ 26 Jan 2016 19:12:41Reported by RedHatType

Jenkins before 1.583 and long term support before 1.565.3 allow remote authenticated users with Job Configure to bypass restrictions and create or destroy arbitrary jobs.

Reporter	Title	Published	Views	Family All 57
FreeBSD	jenkins -- remote execution, privilege escalation, XSS, password exposure, ACL hole, DoS	1 Oct 201400:00	–	freebsd
ArchLinux	jenkins: multiple issues	2 Oct 201400:00	–	archlinux
CVE	CVE-2014-3663	16 Oct 201419:00	–	cve
Cvelist	CVE-2014-3663	16 Oct 201419:00	–	cvelist
EUVD	EUVD-2022-2711	3 Oct 202520:07	–	euvd
Tenable Nessus	FreeBSD : jenkins -- remote execution, privilege escalation, XSS, password exposure, ACL hole, DoS (549a2771-49cc-11e4-ae2c-c80aa9043978)	2 Oct 201400:00	–	nessus
Tenable Nessus	Jenkins < 1.583 / 1.565.3 and Jenkins Enterprise 1.532.x / 1.554.x / 1.565.x < 1.532.10.1 / 1.554.10.1 / 1.565.3.1 Multiple Vulnerabilities	4 Nov 201400:00	–	nessus
Tenable Nessus	RHEL 7 : openshift (RHSA-2016:0070)	6 Dec 201800:00	–	nessus
Tenable Nessus	RHCOS 3 : Red Hat OpenShift Enterprise 3.1.1 update (Important) (RHSA-2016:0070)	4 May 202600:00	–	nessus
Github Security Blog	Jenkins allows remote authenticated users to bypass intended restrictions and create or destroy arbitrary jobs	17 May 202203:53	–	github

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	7	x86_64	atomic-openshift	0:3.1.1.6-1.git.0.b57e8bd.el7aos	atomic-openshift-0:3.1.1.6-1.git.0.b57e8bd.el7aos.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	atomic-openshift-clients	0:3.1.1.6-1.git.0.b57e8bd.el7aos	atomic-openshift-clients-0:3.1.1.6-1.git.0.b57e8bd.el7aos.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	atomic-openshift-clients-redistributable	0:3.1.1.6-1.git.0.b57e8bd.el7aos	atomic-openshift-clients-redistributable-0:3.1.1.6-1.git.0.b57e8bd.el7aos.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	atomic-openshift-dockerregistry	0:3.1.1.6-1.git.0.b57e8bd.el7aos	atomic-openshift-dockerregistry-0:3.1.1.6-1.git.0.b57e8bd.el7aos.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	atomic-openshift-master	0:3.1.1.6-1.git.0.b57e8bd.el7aos	atomic-openshift-master-0:3.1.1.6-1.git.0.b57e8bd.el7aos.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	atomic-openshift-node	0:3.1.1.6-1.git.0.b57e8bd.el7aos	atomic-openshift-node-0:3.1.1.6-1.git.0.b57e8bd.el7aos.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	atomic-openshift-pod	0:3.1.1.6-1.git.0.b57e8bd.el7aos	atomic-openshift-pod-0:3.1.1.6-1.git.0.b57e8bd.el7aos.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	atomic-openshift-recycle	0:3.1.1.6-1.git.0.b57e8bd.el7aos	atomic-openshift-recycle-0:3.1.1.6-1.git.0.b57e8bd.el7aos.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	atomic-openshift-sdn-ovs	0:3.1.1.6-1.git.0.b57e8bd.el7aos	atomic-openshift-sdn-ovs-0:3.1.1.6-1.git.0.b57e8bd.el7aos.x86_64.rpm
Red Hat Enterprise Linux	7	any	atomic-openshift-utils	0:3.0.35-1.git.0.6a386dd.el7aos.noarch	atomic-openshift-utils-0:3.0.35-1.git.0.6a386dd.el7aos.noarch.noarch.rpm

Source	Link
access	www.access.redhat.com/security/cve/CVE-2014-3663
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2014-3663
cve	www.cve.org/CVERecord

14 May 2026 22:23Current

7.5High risk

Vulners AI Score7.5

CVSS 26

EPSS0.01373

CWE-863