CVE-2014-2061 - Cryptographic Issues vulnerability in Jenkins

CVSS 0.0 - NONE
  • Attack vector: UNKNOWN
  • Attack complexity: UNKNOWN
  • Privileges required: UNKNOWN
  • Confidentiality impact: UNKNOWN
  • Integrity impact: UNKNOWN
  • Availability impact: UNKNOWN

Summary

The input control in PasswordParameterDefinition in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to obtain passwords by reading the HTML source code, related to the default value.

Vulnerable Configurations

Part        | Description | Count
Application | Jenkins     | 1142

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Nessus

NASL family: CGI abuses
NASL id: JENKINS_1_551.NASL
description: The remote web server hosts a version of Jenkins or Jenkins Enterprise that is affected by multiple vulnerabilities:
  • A flaw in the default markup formatter allows cross-site scripting via the Description field in the user configuration. (CVE-2013-5573)
  • A security bypass vulnerability allows remote authenticated attackers to change configurations and execute arbitrary jobs. (CVE-2013-7285, CVE-2013-7330, CVE-2014-2058)
  • An unspecified flaw in the Winstone servlet allows remote attackers to hijack sessions. (CVE-2014-2060)
  • An input control flaw in
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 72685
published: 2014-02-25
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/72685
title: Jenkins < 1.551 / 1.532.2 and Jenkins Enterprise 1.509.x / 1.532.x < 1.509.5.1 / 1.532.2.2 Multiple Vulnerabilities

Redhat

rpms
  • jenkins-0:1.565.3-1.el6op
  • jenkins-plugin-openshift-0:0.6.40.1-0.el6op
  • openshift-origin-cartridge-jenkins-0:1.20.3.5-1.el6op