CVE-2014-3662
Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability
EPSS 0.11%
Description
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to enumerate user names via vectors related to login attempts.
How to fix CVE-2014-3662
To remediate CVE-2014-3662, upgrade the affected package to a fixed version below.
- Maven/org.jenkins-ci.main:jenkins-core—upgrade to 1.583 or later
Is CVE-2014-3662 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 1.566, < 1.583