CVE-2014-3662 — MEDIUM (5.0)

Q: What is CVE-2014-3662?

CVE-2014-3662 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to enumerate user names via vectors related to login attempts.

Q: How severe is CVE-2014-3662?

CVE-2014-3662 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-3662?

Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Jenkins, Redhat Openshift.

Vulnerability Description

Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to enumerate user names via vectors related to login attempts.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:P/I:N/A:N

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Jenkins	Jenkins	<= 1.582
Redhat	Openshift	<= 3.1

Related Weaknesses (CWE)

CWE-200

References

https://access.redhat.com/errata/RHSA-2016:0070
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-0Vendor Advisory
https://access.redhat.com/errata/RHSA-2016:0070
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-0Vendor Advisory

FAQ

What is CVE-2014-3662?

CVE-2014-3662 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to enumerate user names via vectors related to login attempts.

How severe is CVE-2014-3662?

CVE-2014-3662 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-3662?

Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Jenkins, Redhat Openshift.