fkie_nvd - fkie_cve-2014-2068

fkie_cve-2014-2068

Vulnerability from fkie_nvd

Published

2014-10-17 15:55

Modified

2025-04-12 10:46

Severity ?

Summary

The doIndex function in hudson/util/RemotingDiagnostics.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users with the ADMINISTER permission to obtain sensitive information via vectors related to heapDump.

References

URL	Tags
security@debian.org	http://www.openwall.com/lists/oss-security/2014/02/21/2
security@debian.org	https://github.com/jenkinsci/jenkins/commit/0530a6645aac10fec005614211660e98db44b5eb	Patch
security@debian.org	https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2014/02/21/2
af854a3a-2127-422b-91ae-364da2661108	https://github.com/jenkinsci/jenkins/commit/0530a6645aac10fec005614211660e98db44b5eb	Patch
af854a3a-2127-422b-91ae-364da2661108	https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14	Vendor Advisory

Impacted products

	Vendor	Product	Version
	jenkins	jenkins	*
	jenkins	jenkins	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "07E4FEB5-A7D9-49FE-839A-0D650CC19C42",
              "versionEndIncluding": "1.550",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F5EDE52E-F7BE-457D-8E56-F24800F02241",
              "versionEndIncluding": "1.532.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The doIndex function in hudson/util/RemotingDiagnostics.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users with the ADMINISTER permission to obtain sensitive information via vectors related to heapDump."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n doIndex en hudson/util/RemotingDiagnostics.java de CloudBees Jenkins anterior a 1.551 y LTS anterior a 1.532.2 permite a usuarios remotos autenticados con el permiso ADMINISTER obtener infomaci\u00f3n sensible a trav\u00e9s de vectores relacionados con heapDump."
    }
  ],
  "id": "CVE-2014-2068",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-10-17T15:55:05.883",
  "references": [
    {
      "source": "security@debian.org",
      "url": "http://www.openwall.com/lists/oss-security/2014/02/21/2"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/jenkinsci/jenkins/commit/0530a6645aac10fec005614211660e98db44b5eb"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2014/02/21/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/jenkinsci/jenkins/commit/0530a6645aac10fec005614211660e98db44b5eb"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2014-2068 (GCVE-0-2014-2068)

Vulnerability from cvelistv5

Published

2014-10-17 15:00