4 matches found
SUSE CVE-2014-2064
The loadUserByUsername function in hudson/security/HudsonPrivateSecurityRealm.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to determine whether a user exists via vectors related to failed login attempts...
GHSA-37WM-28RM-56VW Jenkins does not Restrict Reserved Names Allowing for Privilege Escalation
The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the "Jenkins' own user database" setting, which allows remote attackers to gain privileges by creating a reserved name...
CloudBees Jenkins CI and LTS Create Reserved Names Vulnerability
CloudBees Jenkins CI formerly known as Hudson Labs is a set of Java-based continuous integration tools from CloudBees, Inc. LTS Long-Term Support is a long-supported version of CloudBees Jenkins CI. A security vulnerability exists in the HudsonPrivateSecurityRealm class in CloudBees Jenkins CI...
jenkins: HudsonPrivateSecurityRealm allows creation of reserved names (SECURITY-166)
It was discovered that the internal Jenkins user database did not restrict access to reserved names, allowing users to escalate privileges...