NVD

Id
31818  
Name
CVE-2014-3667  
Description
Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information by reading the plugin code.  
Reject
 
CVSS Version
2  
CVSS Score
4  
Severity
Medium  
CVSS Base Score
4  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8  
CVSS Vector
(AV:N/AC:L/Au:S/C:P/I:N/A:N)  
Pub Date
2017-01-19  
Published
2014-10-16  
Modified Date
2016-06-15  
Seq
2014-3667  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
167708 31818 CVE-2014-3667 RHSA-2016:0070  View
167709 31818 CVE-2014-3667 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
16097 JVNDB-2014-004972 CloudBees Jenkins における重要な情報を取得される脆弱性 CloudBees Jenkins は、プラグインのダウンロードを適切に制限しないため、重要な情報を取得される脆弱性が存在します。 CVE-2014-3667 70955 CVE-2014-3667 31818 4 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-004972.html 2014-10-01 2016-02-04 View