Moderate severityNVD Advisory· Published Oct 15, 2014· Updated May 6, 2026

CVE-2014-3681

Description

Cross-site scripting (XSS) vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
org.jenkins-ci.main:jenkins-coreMaven	>= 1.566, < 1.583	1.583
org.jenkins-ci.main:jenkins-coreMaven	< 1.565.3	1.565.3

Affected products

Jenkins/Jenkins2 versions
cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*range: <1.583
- cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*range: <1.565.3
Red Hat/Openshift
cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*
Range: <=3.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

access.redhat.com/errata/RHSA-2016:0070nvdThird Party AdvisoryWEB
bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party AdvisoryWEB
exchange.xforce.ibmcloud.com/vulnerabilities/96975nvdThird Party AdvisoryVDB EntryWEB
github.com/advisories/GHSA-cwh9-f8m6-6r63ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2014-3681ghsaADVISORY
wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01nvdVendor AdvisoryWEB
access.redhat.com/errata/RHBA-2014:1630ghsaWEB
access.redhat.com/security/cve/CVE-2014-3681ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000