Fluid Attacks Database

Description

Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/READ permission to obtain the default value for the password field of a parameterized job by reading the DOM.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
maven	org.jenkins-ci.main:jenkins-core	>=1.566 <1.583 \|\| >=0 <1.565.3	1.583, 1.565.3

Aliases

1. CVE-2014-36802. NVD-2014-36803. OSV-2014-36804. GCVE-2014-36805. access.redhat.com6. ACCESS-CVE-2014-3680

References

1. https://bugzilla.redhat.com/show_bug.cgi?id=11486452. https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.