CVE Vulnerabilities

CVE-2014-2068

Published: Oct 17, 2014 | Modified: Jun 13, 2016
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
3.5 LOW
AV:N/AC:M/Au:S/C:P/I:N/A:N
RedHat/V2
2.1 LOW
AV:N/AC:H/Au:S/C:P/I:N/A:N
RedHat/V3
Ubuntu
MEDIUM

The doIndex function in hudson/util/RemotingDiagnostics.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users with the ADMINISTER permission to obtain sensitive information via vectors related to heapDump.

Affected Software

Name Vendor Start Version End Version
Jenkins Jenkins * 1.550 (including)
Red Hat OpenShift Enterprise 2.1 RedHat jenkins-0:1.565.3-1.el6op *
Red Hat OpenShift Enterprise 2.1 RedHat jenkins-plugin-openshift-0:0.6.40.1-0.el6op *
Red Hat OpenShift Enterprise 2.1 RedHat openshift-origin-cartridge-jenkins-0:1.20.3.5-1.el6op *
Jenkins Ubuntu precise *
Jenkins Ubuntu quantal *
Jenkins Ubuntu saucy *
Jenkins Ubuntu upstream *

References