Description
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to enumerate user names via vectors related to login attempts.
Remediation
References
https://access.redhat.com/errata/RHSA-2016:0070
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
Related Vulnerabilities
CVE-2017-15701 Vulnerability in maven package org.apache.qpid:qpid-broker
CVE-2023-29529 Vulnerability in npm package matrix-js-sdk
CVE-2022-45935 Vulnerability in maven package org.apache.james:james-server-protocols-imap4
CVE-2023-2976 Vulnerability in maven package com.google.guava:guava
CVE-2020-6461 Vulnerability in maven package org.webjars.npm:electron