VDB
BIT-jenkins-2022-34174
BIT-jenkins-2022-34174
PUBLISHED
CVSS 7.5 HIGH
In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins user database security realm.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | jenkins | 0, 0, 0 |
Timeline
- Mar 6, 2024 CVE Published
- Apr 3, 2025 CVE Updated