3 matches found
GHSA-9VG9-X38G-9HFX Jenkins allows attackers to determine whether a user exists
The loadUserByUsername function in hudson/security/HudsonPrivateSecurityRealm.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to determine whether a user exists via vectors related to failed login attempts...
Information Disclosure
jenkins is vulnerable to information disclosure. The vulnerability exists as the loadUserByUsername function allows users to determine if a user exists through failed login attempts...
CVE-2014-2064
The loadUserByUsername function in hudson/security/HudsonPrivateSecurityRealm.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to determine whether a user exists via vectors related to failed login attempts...