PT-2014-4468 · Cloudbees+1 · Cloudbees Jenkins+1

Publicado

2014-10-17

Atualizado

2022-05-17

CVE-2014-2068

CVSS v2.0

3.5

Baixa

Vetor

AV:N/AC:M/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions CloudBees Jenkins versions prior to 1.551 CloudBees Jenkins LTS versions prior to 1.532.2

Description The issue allows remote authenticated users with the ADMINISTER permission to obtain sensitive information. This is related to the doIndex function in hudson/util/RemotingDiagnostics.java and involves vectors related to heap dump.

Recommendations For CloudBees Jenkins versions prior to 1.551, update to version 1.551 or later. For CloudBees Jenkins LTS versions prior to 1.532.2, update to version 1.532.2 or later.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

CVE-2014-2068

GHSA-PV88-J6RG-R56P

Produtos afetados

Cloudbees Jenkins

Jenkins

PT-2014-4468 · Cloudbees+1 · Cloudbees Jenkins+1

CVE-2014-2068

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6