CVE-2014-2061

The input control in PasswordParameterDefinition in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to obtain passwords by reading the HTML source code, related to the default value.

Published Bysecurity@debian.org

Published DateOct 17, 2014, 15:55

Affected Versions(2)

org.jenkins-ci.main:jenkins-core(Maven)

Introduced1.533

Fixed1.551

LimitN/A

org.jenkins-ci.main:jenkins-core(Maven)

Introduced0

Fixed1.532.2

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
org.jenkins-ci.main:jenkins-core(Maven)	1.533	1.551	N/A
org.jenkins-ci.main:jenkins-core(Maven)	0	1.532.2	N/A

Weakness Type (CWE):CWE-310

CVSS Metrics

Base Score

Vector String

AV:N/AC:L/Au:N/C:P/I:N/A:N

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

PARTIAL

Integrity (I)

NONE

Availability (A)

NONE

References

Weakness Type (CWE):CWE-310

CVSS Metrics

Base Score

Vector String

AV:N/AC:L/Au:N/C:P/I:N/A:N

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

PARTIAL

Integrity (I)

NONE

Availability (A)

NONE