CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0CVE-2014-3674 – Enterprise: gears fail to properly isolate network traffic
https://notcve.org/view.php?id=CVE-2014-3674
Red Hat OpenShift Enterprise before 2.2 does not properly restrict access to gears, which allows remote attackers to access the network resources of arbitrary gears via unspecified vectors. Red Hat OpenShift Enterprise anterior a 2.2 no restringe debidamente el acceso a gears, lo que permite a atacantes remotos acceder a los recursos de red de gears arbitrarios a través de vectores no especificados. It was found that OpenShift Enterprise 2.1 did not properly restrict access to services running on different gears. This could allow an attacker to access unprotected network resources running in another user's gear. • http://rhn.redhat.com/errata/RHSA-2014-1796.html http://rhn.redhat.com/errata/RHSA-2014-1906.html https://access.redhat.com/security/cve/CVE-2014-3674 https://bugzilla.redhat.com/show_bug.cgi?id=1148170 • CWE-264: Permissions, Privileges, and Access Controls CWE-284: Improper Access Control •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2014-3661 – jenkins: denial of service (SECURITY-87)
https://notcve.org/view.php?id=CVE-2014-3661
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to cause a denial of service (thread consumption) via vectors related to a CLI handshake. Jenkins en versiones anteriores a 1.583 y LTS en versiones anteriores a 1.565.3 permite a atacantes remotos provocar una denegación de servicio (consumo de hilo) a través de vectores relacionados con un apretón de manos en CLI. • https://access.redhat.com/errata/RHSA-2016:0070 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01 https://access.redhat.com/security/cve/CVE-2014-3661 https://bugzilla.redhat.com/show_bug.cgi?id=1147758 • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2014-3662 – jenkins: username discovery (SECURITY-110)
https://notcve.org/view.php?id=CVE-2014-3662
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to enumerate user names via vectors related to login attempts. Jenkins en versiones anteriores a 1.583 y LTS en versiones anteriores a 1.565.3 permite a atacantes remotos enumerar nombres de usuarios a través de vectores relacionados con intentos de inicio de sesión. • https://access.redhat.com/errata/RHSA-2016:0070 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01 https://access.redhat.com/security/cve/CVE-2014-3662 https://bugzilla.redhat.com/show_bug.cgi?id=1147759 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.0EPSS: 0%CPEs: 3EXPL: 0CVE-2014-3663 – jenkins: job configuration issues (SECURITY-127, SECURITY-128)
https://notcve.org/view.php?id=CVE-2014-3663
Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/CONFIGURE permission to bypass intended restrictions and create or destroy arbitrary jobs via unspecified vectors. Jenkins en versiones anteriores a 1.583 y LTS en versiones anteriores a 1.565.3 permite a usuarios remotos autenticados con el permiso Job/CONFIGURE eludir las restricciones destinadas y crear o destruir trabajos arbitrarios a través de vectores no especificados. • https://access.redhat.com/errata/RHSA-2016:0070 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01 https://access.redhat.com/security/cve/CVE-2014-3663 https://bugzilla.redhat.com/show_bug.cgi?id=1147764 • CWE-264: Permissions, Privileges, and Access Controls CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2014-3666 – jenkins: remote code execution flaw (SECURITY-150)
https://notcve.org/view.php?id=CVE-2014-3666
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel. Jenkins en versiones anteriores a 1.583 y LTS en versiones anteriores a 1.565.3 permite a atacantes remotos ejecutar código arbitrario a través de un paquete manipulado para el canal de CLI. • https://access.redhat.com/errata/RHSA-2016:0070 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01 https://access.redhat.com/security/cve/CVE-2014-3666 https://bugzilla.redhat.com/show_bug.cgi?id=1147769 • CWE-94: Improper Control of Generation of Code ('Code Injection') •