VIR Vulnerability Intelligence Relay

CVE-2014-3680

medium
Published 2014-10-16 · Modified 2025-04-14
CVSS v3
CVSS v2
4.0
VIR risk
4.0

Description

Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01

Package impact
EcosystemPackageVulnerableFixed
java Mavenorg.jenkins-ci.main:jenkins-core>=1.566,<1.5831.583
java Mavenorg.jenkins-ci.main:jenkins-core<1.565.31.565.3

Application impact
VendorProductVersionsFixed
jenkinsjenkins{"endIncluding":"1.565.2"}
redhatopenshift{"endIncluding":"3.1"}

References

CWEs

CWE-200

Verify integrity in audit chain (admin only). AS-IS.