CVE-2014-3667 - CERT CVE
ID CVE-2014-3667
Sažetak Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information by reading the plugin code.
Reference
CVSS
Base: 4.0
Impact: 2.9
Exploitability:8.0
Pristup
VektorSloženostAutentikacija
NETWORK LOW SINGLE
Impact
PovjerljivostCjelovitostDostupnost
PARTIAL NONE NONE
CVSS vektor AV:N/AC:L/Au:S/C:P/I:N/A:N
Zadnje važnije ažuriranje 13-02-2023 - 00:41
Objavljeno 16-10-2014 - 19:55