Lucene search

Veracode Vulnerability DatabaseVERACODE:14789

HistoryMay 02, 2019 - 4:56 a.m.

Information Disclosure

2019-05-0204:56:00

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

JSON

jenkins is vulnerable to information disclosure. The vulnerability exists as the loadUserByUsername function allows users to determine if a user exists through failed login attempts.

CPENameOperatorVersion
openshift-origin-cartridge-jenkinseq1.20.3.4__1.el6op
openshift-origin-cartridge-jenkinseq1.20.3.3__1.el6op
openshift-origin-cartridge-jenkinseq1.9.8__1.el6op
openshift-origin-cartridge-jenkinseq1.16.1__2.el6op
jenkinseq1.554.2__1.el6op
jenkinseq1.509.1__1.el6op
jenkinseq1.488__2.el6op
jenkinseq1.502__1.el6op
jenkinseq1.498__1.1.el6op
jenkinseq1.506__1.el6op

Name	Operator	Version
openshift-origin-cartridge-jenkins	eq	1.20.3.4__1.el6op
openshift-origin-cartridge-jenkins	eq	1.20.3.3__1.el6op
openshift-origin-cartridge-jenkins	eq	1.9.8__1.el6op
openshift-origin-cartridge-jenkins	eq	1.16.1__2.el6op
jenkins	eq	1.554.2__1.el6op
jenkins	eq	1.509.1__1.el6op
jenkins	eq	1.488__2.el6op
jenkins	eq	1.502__1.el6op
jenkins	eq	1.498__1.1.el6op
jenkins	eq	1.506__1.el6op

Rows per page:

1-10 of 341

References

www.openwall.com/lists/oss-security/2014/02/21/2

access.redhat.com/security/cve/CVE-2013-5573

access.redhat.com/security/cve/CVE-2013-6372

access.redhat.com/security/cve/CVE-2013-7330

access.redhat.com/security/cve/CVE-2014-2059

access.redhat.com/security/cve/CVE-2014-2060

access.redhat.com/security/cve/CVE-2014-2061

access.redhat.com/security/cve/CVE-2014-2062

access.redhat.com/security/cve/CVE-2014-2063

access.redhat.com/security/cve/CVE-2014-2064

access.redhat.com/security/cve/CVE-2014-2065

access.redhat.com/security/cve/CVE-2014-2066

access.redhat.com/security/cve/CVE-2014-2067

access.redhat.com/security/cve/CVE-2014-2068

access.redhat.com/security/cve/CVE-2014-3661

access.redhat.com/security/cve/CVE-2014-3662

access.redhat.com/security/cve/CVE-2014-3663

access.redhat.com/security/cve/CVE-2014-3664

access.redhat.com/security/cve/CVE-2014-3665

access.redhat.com/security/cve/CVE-2014-3666

access.redhat.com/security/cve/CVE-2014-3667

access.redhat.com/security/cve/CVE-2014-3678

access.redhat.com/security/cve/CVE-2014-3681

bugzilla.redhat.com/show_bug.cgi?id=1127667

github.com/jenkinsci/jenkins/commit/fbf96734470caba9364f04e0b77b0bae7293a1ec

rhn.redhat.com/errata/RHBA-2014-1630.html

wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

JSON

Related for VERACODE:14789