CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2014-2066
https://notcve.org/view.php?id=CVE-2014-2066
Session fixation vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack web sessions via vectors involving the "override" of Jenkins cookies. Vulnerabilidad de fijación de sesión en Jenkins en versiones anteriores a 1.551 y LTS en versiones anteriores a 1.532.2 permite a atacantes remotos secuestrar sesiones web a través de vectores implicando las cookies "override" de Jenkins. • http://www.openwall.com/lists/oss-security/2014/02/21/2 https://github.com/jenkinsci/jenkins/commit/8ac74c350779921598f9d5edfed39dd35de8842a https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14 • CWE-287: Improper Authentication •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2014-2061
https://notcve.org/view.php?id=CVE-2014-2061
The input control in PasswordParameterDefinition in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to obtain passwords by reading the HTML source code, related to the default value. El control de entrada en PasswordParameterDefinition en Jenkins en versiones anteriores a 1.551 y LTS en versiones anteriores a 1.532.2 permite a atacantes remotos obtener contraseñas leyendo el código fuente HTML, relacionado con el valor por defecto. • http://www.openwall.com/lists/oss-security/2014/02/21/2 https://github.com/jenkinsci/jenkins/commit/bf539198564a1108b7b71a973bf7de963a6213ef https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14 • CWE-310: Cryptographic Issues •
CVSS: 3.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-2068
https://notcve.org/view.php?id=CVE-2014-2068
The doIndex function in hudson/util/RemotingDiagnostics.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users with the ADMINISTER permission to obtain sensitive information via vectors related to heapDump. La función doIndex en hudson/util/RemotingDiagnostics.java de CloudBees Jenkins anterior a 1.551 y LTS anterior a 1.532.2 permite a usuarios remotos autenticados con el permiso ADMINISTER obtener infomación sensible a través de vectores relacionados con heapDump. • http://www.openwall.com/lists/oss-security/2014/02/21/2 https://github.com/jenkinsci/jenkins/commit/0530a6645aac10fec005614211660e98db44b5eb https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-2063
https://notcve.org/view.php?id=CVE-2014-2063
Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors. Jenkins en versiones anteriores a 1.551 y LTS en versiones anteriores a 1.532.2 permite a atacantes remotos llevar a cabo ataques de secuestro de clic a través de vectores no especificados. • http://www.openwall.com/lists/oss-security/2014/02/21/2 https://github.com/jenkinsci/jenkins/commit/16931bd7bf7560e26ef98328b8e95e803d0e90f6 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14 •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2014-2064
https://notcve.org/view.php?id=CVE-2014-2064
The loadUserByUsername function in hudson/security/HudsonPrivateSecurityRealm.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to determine whether a user exists via vectors related to failed login attempts. La función loadUserByUsername en hudson/security/HudsonPrivateSecurityRealm.java en Jenkins en versiones anteriores a 1.551 y LTS en versiones anteriores a 1.532.2 permite a atacantes remotos determinar si existe un usuario relacionado con los intentos de acceso fallidos. • http://www.openwall.com/lists/oss-security/2014/02/21/2 https://github.com/jenkinsci/jenkins/commit/fbf96734470caba9364f04e0b77b0bae7293a1ec https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •