CVE-2014-3680

Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/READ permission to obtain the default value for the password field of a parameterized job by reading the DOM.

Published: Oct 16, 2014
Updated: May 9, 2024
CVE: CVE-2014-3680
GHSA: GHSA-8x8p-mfwv-9fjw
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
jenkins / jenkins	-	1.565.2.x
redhat / openshift	-	3.1.x
jenkins / jenkins	-	1.582.x
org.jenkins-ci.main / jenkins-core	1.566	1.583
org.jenkins-ci.main / jenkins-core	-	1.565.3

https://access.redhat.com/errata/RHSA-2016:0070
https://access.redhat.com/security/cve/CVE-2014-3680
https://bugzilla.redhat.com/show_bug.cgi?id=1148645
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01

Vulnerability Database

289,599

CVE-2014-3680