CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 1CVE-2014-2064
https://notcve.org/view.php?id=CVE-2014-2064
17 Oct 2014 — The loadUserByUsername function in hudson/security/HudsonPrivateSecurityRealm.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to determine whether a user exists via vectors related to failed login attempts. La función loadUserByUsername en hudson/security/HudsonPrivateSecurityRealm.java en Jenkins en versiones anteriores a 1.551 y LTS en versiones anteriores a 1.532.2 permite a atacantes remotos determinar si existe un usuario relacionado con los intentos de acceso fallidos. • https://github.com/Naramsim/Offensive • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-2062
https://notcve.org/view.php?id=CVE-2014-2062
17 Oct 2014 — Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the API token when a user is deleted, which allows remote authenticated users to retain access via the token. Jenkins en versiones anteriores a 1.551 y LTS en versiones anteriores a 1.532.2 no invalida el token de la API cuando es eliminado un usuario, lo que permite a usuarios remotos autenticados conservar el acceso a través del token. • http://www.openwall.com/lists/oss-security/2014/02/21/2 • CWE-287: Improper Authentication •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-2058
https://notcve.org/view.php?id=CVE-2014-2058
17 Oct 2014 — BuildTrigger in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to bypass access restrictions and execute arbitrary jobs by configuring a job to trigger another job. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7330. BuildTrigger en Jenkins en versiones anteriores a 1.551 y LTS en versiones anteriores a 1.532.2 permite a usuarios remotos autenticados eludir las restricciones de acceso y ejecutar trabajos arbitrarios configurando un trabajo para dese... • http://www.openwall.com/lists/oss-security/2014/02/21/2 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2014-2060
https://notcve.org/view.php?id=CVE-2014-2060
17 Oct 2014 — The Winstone servlet container in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack sessions via unspecified vectors. El contenedor de servlet Winstone en Jenkins en versiones anteriores a 1.551 y LTS en versiones anteriores a 1.532.2 permite a atacantes remotos secuestrar sesiones a través de vectores no especificados. • http://www.openwall.com/lists/oss-security/2014/02/21/2 •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2014-3662 – jenkins: username discovery (SECURITY-110)
https://notcve.org/view.php?id=CVE-2014-3662
16 Oct 2014 — Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to enumerate user names via vectors related to login attempts. Jenkins en versiones anteriores a 1.583 y LTS en versiones anteriores a 1.565.3 permite a atacantes remotos enumerar nombres de usuarios a través de vectores relacionados con intentos de inicio de sesión. OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. The following security iss... • https://access.redhat.com/errata/RHSA-2016:0070 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2014-3661 – jenkins: denial of service (SECURITY-87)
https://notcve.org/view.php?id=CVE-2014-3661
16 Oct 2014 — Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to cause a denial of service (thread consumption) via vectors related to a CLI handshake. Jenkins en versiones anteriores a 1.583 y LTS en versiones anteriores a 1.565.3 permite a atacantes remotos provocar una denegación de servicio (consumo de hilo) a través de vectores relacionados con un apretón de manos en CLI. OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service solution designed for on-premise or pri... • https://access.redhat.com/errata/RHSA-2016:0070 • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.0EPSS: 0%CPEs: 3EXPL: 0CVE-2014-3663 – jenkins: job configuration issues (SECURITY-127, SECURITY-128)
https://notcve.org/view.php?id=CVE-2014-3663
16 Oct 2014 — Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/CONFIGURE permission to bypass intended restrictions and create or destroy arbitrary jobs via unspecified vectors. Jenkins en versiones anteriores a 1.583 y LTS en versiones anteriores a 1.565.3 permite a usuarios remotos autenticados con el permiso Job/CONFIGURE eludir las restricciones destinadas y crear o destruir trabajos arbitrarios a través de vectores no especificados. OpenShift Enterprise by Red Hat is the com... • https://access.redhat.com/errata/RHSA-2016:0070 • CWE-264: Permissions, Privileges, and Access Controls CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 2%CPEs: 3EXPL: 0CVE-2014-3666 – jenkins: remote code execution flaw (SECURITY-150)
https://notcve.org/view.php?id=CVE-2014-3666
16 Oct 2014 — Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel. Jenkins en versiones anteriores a 1.583 y LTS en versiones anteriores a 1.565.3 permite a atacantes remotos ejecutar código arbitrario a través de un paquete manipulado para el canal de CLI. OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. The following security issues are ad... • https://access.redhat.com/errata/RHSA-2016:0070 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2014-3667 – jenkins: plug-in code can be downloaded by anyone with read access (SECURITY-155)
https://notcve.org/view.php?id=CVE-2014-3667
16 Oct 2014 — Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information by reading the plugin code. Jenkins en versiones anteriores a 1.583 y LTS en versiones anteriores a 1.565.3 no previene adecuadamente la descarga de plugins, lo que permite a usuarios remotos autenticados con el permiso Overall/READ obtener información sensible leyendo el código del plugin. OpenShift Enterprise ... • https://access.redhat.com/errata/RHSA-2016:0070 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-285: Improper Authorization •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2014-3680 – jenkins: password exposure in DOM (SECURITY-138)
https://notcve.org/view.php?id=CVE-2014-3680
16 Oct 2014 — Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/READ permission to obtain the default value for the password field of a parameterized job by reading the DOM. Jenkins en versiones anteriores a 1.583 y LTS en versiones anteriores a 1.565.3 permite a usuarios remotos autenticados con el permiso Job/READ obtener el valor por defecto para el campo password de un trabajo parametrizado leyendo el DOM. OpenShift Enterprise by Red Hat is the company's cloud computing Platfo... • https://access.redhat.com/errata/RHSA-2016:0070 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •