vulnerability
Jenkins Advisory 2014-02-14: SECURITY-79
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | 2017-11-13 | 2017-11-13 | 2025-02-18 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
2017-11-13
Added
2017-11-13
Modified
2025-02-18
Description
The loadUserByUsername function in hudson/security/HudsonPrivateSecurityRealm.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to determine whether a user exists via vectors related to failed login attempts.
Solution(s)
jenkins-lts-upgrade-1_532_2jenkins-upgrade-1_551

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.