CVE-2014-3663 org.jenkins-ci.main:jenkins-core

Package

Manager: maven
Name: org.jenkins-ci.main:jenkins-core
Vulnerable Version: >=1.566 <1.583 || >=0 <1.565.3

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.0007 (percentile: 0.22035)

Details

Jenkins allows remote authenticated users to bypass intended restrictions and create or destroy arbitrary jobs.

Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/CONFIGURE permission to bypass intended restrictions and create or destroy arbitrary jobs via unspecified vectors.

Metadata

Created: 2022-05-17T03:53:35Z
Modified: 2023-02-08T18:02:49Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-64mc-2m9p-23c8/GHSA-64mc-2m9p-23c8.json
CWE IDs: []
Alternative ID: GHSA-64mc-2m9p-23c8
Finding: F039
Auto approve: 1