CVE-2022-34174

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-34174
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-34174.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-34174
Aliases
Downstream
Published
2022-06-23T17:15:15.507Z
Modified
2026-05-30T22:40:33.562131Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins user database security realm.

References

Affected packages

Git / github.com/jenkinsci/jenkins

Affected ranges

Type
GIT
Repo
https://github.com/jenkinsci/jenkins
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
ac238ed0a627ac941513893c998c8f2bf018a649
Last affected
d43d0b51dd18bca980f7d384ec4a353a2a66b818
Database specific 
{
    "cpe": [
        "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
        "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.332.3"
        },
        {
            "last_affected": "2.355"
        }
    ],
    "source": "CPE_RANGE"
}

Affected versions

1.*
1.324-rc
1.325-rc
1.327-rc
1.328-rc
2.*
2.332.1-rc-2
Other
builds/101
builds/102
builds/103
builds/104
builds/105
builds/106
builds/107
builds/108
builds/109
builds/110
builds/112
builds/113
builds/114
builds/115
builds/116
builds/117
builds/118
builds/119
builds/120
builds/121
builds/122
builds/123
builds/124
builds/125
builds/126
builds/127
builds/128
builds/130
builds/131
builds/132
builds/133
builds/134
builds/135
builds/136
builds/137
builds/138
builds/139
builds/140
builds/141
builds/142
builds/143
builds/144
builds/145
builds/146
builds/147
builds/148
builds/149
builds/150
builds/151
builds/152
builds/153
builds/154
builds/155
builds/156
builds/157
builds/158
builds/16
builds/160
builds/161
builds/162
builds/163
builds/164
builds/165
builds/166
builds/168
builds/169
builds/17
builds/170
builds/171
builds/172
builds/173
builds/174
builds/176
builds/177
builds/179
builds/18
builds/180
builds/181
builds/182
builds/183
builds/184
builds/185
builds/186
builds/187
builds/188
builds/189
builds/190
builds/191
builds/192
builds/193
builds/194
builds/195
builds/196
builds/197
builds/198
builds/199
builds/2
builds/200
builds/201
builds/202
builds/203
builds/204
builds/205
builds/206
builds/207
builds/209
builds/21
builds/210
builds/211
builds/212
builds/213
builds/214
builds/215
builds/216
builds/217
builds/218
builds/219
builds/22
builds/220
builds/221
builds/222
builds/223
builds/224
builds/225
builds/227
builds/228
builds/229
builds/23
builds/230
builds/231
builds/232
builds/233
builds/234
builds/235
builds/236
builds/237
builds/238
builds/239
builds/24
builds/240
builds/241
builds/242
builds/243
builds/244
builds/245
builds/247
builds/248
builds/249
builds/250
builds/251
builds/254
builds/255
builds/256
builds/257
builds/258
builds/259
builds/26
builds/260
builds/262
builds/264
builds/265
builds/266
builds/267
builds/268
builds/269
builds/27
builds/270
builds/271
builds/272
builds/273
builds/274
builds/275
builds/276
builds/277
builds/278
builds/279
builds/28
builds/280
builds/281
builds/282
builds/284
builds/285
builds/286
builds/287
builds/288
builds/29
builds/290
builds/291
builds/293
builds/294
builds/295
builds/296
builds/297
builds/298
builds/299
builds/30
builds/300
builds/301
builds/302
builds/303
builds/304
builds/305
builds/306
builds/31
builds/32
builds/33
builds/338
builds/339
builds/34
builds/340
builds/341
builds/342
builds/343
builds/344
builds/345
builds/346
builds/348
builds/35
builds/350
builds/352
builds/353
builds/355
builds/356
builds/357
builds/358
builds/359
builds/36
builds/361
builds/363
builds/37
builds/370
builds/371
builds/372
builds/39
builds/40
builds/41
builds/42
builds/43
builds/44
builds/46
builds/47
builds/48
builds/49
builds/50
builds/51
builds/52
builds/53
builds/54
builds/55
builds/56
builds/77
builds/81
builds/82
builds/83
builds/85
builds/86
builds/89
builds/90
builds/92
builds/93
builds/94
changes/101
changes/102
changes/103
changes/104
changes/105
changes/106
changes/107
changes/108
changes/109
changes/110
changes/113
changes/114
changes/115
changes/116
changes/117
changes/118
changes/119
changes/120
changes/121
changes/122
changes/123
changes/124
changes/125
changes/126
changes/127
changes/128
changes/130
changes/131
changes/132
changes/133
changes/134
changes/135
changes/136
changes/137
changes/138
changes/139
changes/140
changes/141
changes/142
changes/143
changes/144
changes/145
changes/146
changes/147
changes/148
changes/149
changes/150
changes/151
changes/152
changes/153
changes/154
changes/155
changes/156
changes/157
changes/158
changes/16
changes/161
changes/162
changes/163
changes/164
changes/165
changes/166
changes/169
changes/17
changes/170
changes/171
changes/172
changes/173
changes/174
changes/176
changes/177
changes/179
changes/18
changes/180
changes/181
changes/182
changes/183
changes/184
changes/185
changes/186
changes/187
changes/188
changes/189
changes/190
changes/191
changes/192
changes/193
changes/194
changes/195
changes/196
changes/197
changes/198
changes/199
changes/2
changes/20
changes/200
changes/201
changes/202
changes/203
changes/204
changes/205
changes/206
changes/207
changes/209
changes/21
changes/210
changes/211
changes/212
changes/213
changes/214
changes/215
changes/216
changes/217
changes/218
changes/22
changes/220
changes/221
changes/222
changes/223
changes/224
changes/225
changes/228
changes/229
changes/23
changes/230
changes/231
changes/232
changes/233
changes/234
changes/235
changes/236
changes/237
changes/238
changes/239
changes/24
changes/240
changes/241
changes/242
changes/243
changes/244
changes/245
changes/248
changes/249
changes/250
changes/251
changes/255
changes/256
changes/257
changes/258
changes/259
changes/262
changes/265
changes/266
changes/267
changes/268
changes/269
changes/27
changes/270
changes/271
changes/272
changes/273
changes/274
changes/275
changes/276
changes/277
changes/278
changes/279
changes/28
changes/280
changes/281
changes/282
changes/284
changes/286
changes/287
changes/288
changes/29
changes/290
changes/291
changes/293
changes/294
changes/295
changes/296
changes/297
changes/298
changes/299
changes/30
changes/300
changes/301
changes/302
changes/303
changes/304
changes/305
changes/306
changes/31
changes/32
changes/338
changes/339
changes/34
changes/340
changes/342
changes/343
changes/344
changes/345
changes/346
changes/348
changes/35
changes/350
changes/352
changes/353
changes/356
changes/357
changes/358
changes/36
changes/361
changes/363
changes/37
changes/370
changes/371
changes/372
changes/39
changes/40
changes/41
changes/42
changes/43
changes/44
changes/46
changes/47
changes/48
changes/49
changes/50
changes/51
changes/52
changes/53
changes/54
changes/55
changes/56
changes/76
changes/77
changes/79
changes/81
changes/82
changes/83
changes/85
changes/86
changes/89
changes/90
changes/92
changes/93
changes/94
jenkins-1.*
jenkins-1.604
jenkins-1.605
jenkins-1.606
jenkins-1.607
jenkins-1.608
jenkins-1.609
jenkins-1.610
jenkins-1.614
jenkins-1.615
jenkins-1.616
jenkins-1.617
jenkins-1.618
jenkins-1.619
jenkins-1.620
jenkins-1.621
jenkins-1.622
jenkins-1.623
jenkins-1.624
jenkins-1.625
jenkins-1.626
jenkins-1.627
jenkins-1.628
jenkins-1.638
jenkins-1.639
jenkins-1.640
jenkins-1.641
jenkins-1.642
jenkins-1.643
jenkins-1.644
jenkins-1.645
jenkins-1.646
jenkins-1.647
jenkins-1.648
jenkins-1.649
jenkins-1.650
jenkins-1.651
jenkins-1.652
jenkins-1.653
jenkins-1.654
jenkins-1.655
jenkins-1.656
jenkins-2.*
jenkins-2.10
jenkins-2.100
jenkins-2.101
jenkins-2.102
jenkins-2.103
jenkins-2.104
jenkins-2.105
jenkins-2.106
jenkins-2.108
jenkins-2.109
jenkins-2.11
jenkins-2.116
jenkins-2.117
jenkins-2.118
jenkins-2.12
jenkins-2.121
jenkins-2.122
jenkins-2.124
jenkins-2.125
jenkins-2.126
jenkins-2.127
jenkins-2.128
jenkins-2.129
jenkins-2.13
jenkins-2.130
jenkins-2.131
jenkins-2.132
jenkins-2.134
jenkins-2.135
jenkins-2.138
jenkins-2.14
jenkins-2.140
jenkins-2.141
jenkins-2.142
jenkins-2.143
jenkins-2.146
jenkins-2.147
jenkins-2.148
jenkins-2.149
jenkins-2.15
jenkins-2.150
jenkins-2.151
jenkins-2.154
jenkins-2.155
jenkins-2.156
jenkins-2.16
jenkins-2.160
jenkins-2.161
jenkins-2.162
jenkins-2.163
jenkins-2.164
jenkins-2.165
jenkins-2.17
jenkins-2.172
jenkins-2.173
jenkins-2.174
jenkins-2.18
jenkins-2.186
jenkins-2.19
jenkins-2.192
jenkins-2.197
jenkins-2.198
jenkins-2.199
jenkins-2.20
jenkins-2.200
jenkins-2.201
jenkins-2.202
jenkins-2.203
jenkins-2.204
jenkins-2.205
jenkins-2.21
jenkins-2.219
jenkins-2.22
jenkins-2.228
jenkins-2.229
jenkins-2.23
jenkins-2.230
jenkins-2.231
jenkins-2.232
jenkins-2.233
jenkins-2.234
jenkins-2.235
jenkins-2.236
jenkins-2.24
jenkins-2.245
jenkins-2.246
jenkins-2.247
jenkins-2.248
jenkins-2.249
jenkins-2.25
jenkins-2.250
jenkins-2.251
jenkins-2.253
jenkins-2.254
jenkins-2.255
jenkins-2.256
jenkins-2.257
jenkins-2.258
jenkins-2.259
jenkins-2.26
jenkins-2.260
jenkins-2.261
jenkins-2.262
jenkins-2.263
jenkins-2.264
jenkins-2.265
jenkins-2.266
jenkins-2.267
jenkins-2.268
jenkins-2.269
jenkins-2.27
jenkins-2.270
jenkins-2.271
jenkins-2.272
jenkins-2.273
jenkins-2.274
jenkins-2.276
jenkins-2.277
jenkins-2.278
jenkins-2.279
jenkins-2.28
jenkins-2.280
jenkins-2.281
jenkins-2.282
jenkins-2.283
jenkins-2.284
jenkins-2.285
jenkins-2.286
jenkins-2.287
jenkins-2.288
jenkins-2.289
jenkins-2.29
jenkins-2.290
jenkins-2.291
jenkins-2.292
jenkins-2.293
jenkins-2.294
jenkins-2.295
jenkins-2.296
jenkins-2.297
jenkins-2.298
jenkins-2.299
jenkins-2.3
jenkins-2.30
jenkins-2.301
jenkins-2.302
jenkins-2.303
jenkins-2.304
jenkins-2.305
jenkins-2.306
jenkins-2.307
jenkins-2.308
jenkins-2.309
jenkins-2.31
jenkins-2.310
jenkins-2.311
jenkins-2.312
jenkins-2.313
jenkins-2.314
jenkins-2.316
jenkins-2.317
jenkins-2.318
jenkins-2.319
jenkins-2.32
jenkins-2.320
jenkins-2.321
jenkins-2.322
jenkins-2.323
jenkins-2.324
jenkins-2.325
jenkins-2.326
jenkins-2.327
jenkins-2.328
jenkins-2.329
jenkins-2.33
jenkins-2.330
jenkins-2.331
jenkins-2.332
jenkins-2.332.1
jenkins-2.332.1-rc
jenkins-2.332.2
jenkins-2.332.2-rc
jenkins-2.332.2-rc-2
jenkins-2.332.3
jenkins-2.332.3-rc
jenkins-2.333
jenkins-2.334
jenkins-2.335
jenkins-2.336
jenkins-2.337
jenkins-2.338
jenkins-2.339
jenkins-2.34
jenkins-2.340
jenkins-2.341
jenkins-2.342
jenkins-2.343
jenkins-2.344
jenkins-2.345
jenkins-2.346
jenkins-2.347
jenkins-2.348
jenkins-2.349
jenkins-2.35
jenkins-2.350
jenkins-2.351
jenkins-2.352
jenkins-2.353
jenkins-2.354
jenkins-2.355
jenkins-2.36
jenkins-2.37
jenkins-2.4
jenkins-2.44
jenkins-2.45
jenkins-2.46
jenkins-2.47
jenkins-2.48
jenkins-2.49
jenkins-2.5
jenkins-2.50
jenkins-2.51
jenkins-2.52
jenkins-2.53
jenkins-2.57
jenkins-2.58
jenkins-2.59
jenkins-2.6
jenkins-2.60
jenkins-2.61
jenkins-2.62
jenkins-2.63
jenkins-2.64
jenkins-2.65
jenkins-2.66
jenkins-2.67
jenkins-2.68
jenkins-2.7
jenkins-2.8
jenkins-2.9
jenkins-2.95
jenkins-2.96
jenkins-2.97
jenkins-2.98
jenkins-2.99

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-34174.json"