[MAVEN:GHSA-FXQR-PX2M-FVC2] Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability

Severity Moderate

Affected Packages 2

Fixed Packages 2

CVEs 1

Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to enumerate user names via vectors related to login attempts.

Package	Affected Version
pkg:maven/org.jenkins-ci.main/jenkins-core	< 1.565.3
pkg:maven/org.jenkins-ci.main/jenkins-core	>= 1.566, < 1.583

Package	Fixed Version
pkg:maven/org.jenkins-ci.main/jenkins-core	= 1.565.3
pkg:maven/org.jenkins-ci.main/jenkins-core	= 1.583

ID

MAVEN:GHSA-FXQR-PX2M-FVC2

Severity

moderate

URL

https://github.com/advisories/GHSA-fxqr-px2m-fvc2

Published

2022-05-17T03:53:35
(2 years ago)

Modified

2023-02-08T18:03:06
(19 months ago)

Rights

Maven Security Team

Other Advisories

Source	# ID	Name	URL
			https://nvd.nist.gov/vuln/detail/CVE-2014-3662
			https://access.redhat.com/errata/RHSA-2016:0070
			https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
			https://access.redhat.com/errata/RHBA-2014:1630
			https://access.redhat.com/security/cve/CVE-2014-3662
			https://bugzilla.redhat.com/show_bug.cgi?id=1147759
			https://github.com/advisories/GHSA-fxqr-px2m-fvc2

Type	Package URL	Namespace	Name / Product	Version
Affected	pkg:maven/org.jenkins-ci.main/jenkins-core	org.jenkins-ci.main	jenkins-core	< 1.565.3
Fixed	pkg:maven/org.jenkins-ci.main/jenkins-core	org.jenkins-ci.main	jenkins-core	= 1.565.3
Affected	pkg:maven/org.jenkins-ci.main/jenkins-core	org.jenkins-ci.main	jenkins-core	>= 1.566 < 1.583
Fixed	pkg:maven/org.jenkins-ci.main/jenkins-core	org.jenkins-ci.main	jenkins-core	= 1.583

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date