CVE-2014-2061 – org.jenkins-ci.main:jenkins-core

Package

Manager: maven
Name: org.jenkins-ci.main:jenkins-core
Vulnerable Version: >=1.533 <1.551 || >=0 <1.532.2

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:U/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00209 pctl0.43387

Details

Jenkin allows attackers to obtain passwords by reading the HTML source code The input control in PasswordParameterDefinition in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to obtain passwords by reading the HTML source code, related to the default value.

Metadata

Created: 2022-05-17T03:53:54Z
Modified: 2024-03-05T14:38:10Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-rxfv-gm5x-9wqj/GHSA-rxfv-gm5x-9wqj.json
CWE IDs: []
Alternative ID: GHSA-rxfv-gm5x-9wqj
Finding: F038
Auto approve: 1