1. Home
  2. Vulnerabilities
  3. CVE-2022-34174

CVE-2022-34174

CVSS v3.1 7.5 (High)
75% Progress
CVSS v2.0 5 (Medium)
50% Progress
EPSS 0.15 % (52th)
0.15% Progress
Affected Products 1
Advisories 4
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins user database security realm.

Weaknesses
CWE-203
Observable Discrepancy
CVE Status
PUBLISHED
CNA
Jenkins Project
Published Date
2022-06-23 17:15:15
(2 years ago)
Updated Date
2023-11-03 18:15:00
(10 months ago)

Affected Products

Jenkins

Configuration #1

    CPE23 From Up To
  Jenkins 2.332.3 and prior versions cpe:2.3:a:jenkins:jenkins::*:*:*:lts <= 2.332.3
  Jenkins 2.355 and prior versions cpe:2.3:a:jenkins:jenkins::*:*:*:- <= 2.355