NVD

Id
30558  
Name
CVE-2014-2064  
Description
The loadUserByUsername function in hudson/security/HudsonPrivateSecurityRealm.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to determine whether a user exists via vectors related to failed login attempts.  
Reject
 
CVSS Version
2  
CVSS Score
5  
Severity
Medium  
CVSS Base Score
5  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:N/A:N)  
Pub Date
2017-01-19  
Published
2014-10-17  
Modified Date
2016-06-13  
Seq
2014-2064  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
161493 30558 CVE-2014-2064 [oss-security] 20140220 Re: Possible CVE Requests: several issues fixed in Jenkins (Advisory 2014-02-14)  View
161494 30558 CVE-2014-2064 https://github.com/jenkinsci/jenkins/commit/fbf96734470caba9364f04e0b77b0bae7293a1ec  View
161495 30558 CVE-2014-2064 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
16050 JVNDB-2014-004925 CloudBees Jenkins の hudson/security/HudsonPrivateSecurityRealm.java におけるユーザが存在するかどうかを確認される脆弱性 CloudBees Jenkins の hudson/security/HudsonPrivateSecurityRealm.java の loadUserByUsername 関数には、ログイン試行の失敗に関する処理に不備があるため、ユーザが存在するかどうかを確認される脆弱性が存在します。 CVE-2014-2064 69351 CVE-2014-2064 30558 5 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-004925.html 2014-02-08 2014-10-23 View