Description
The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2016-1773.html
https://access.redhat.com/errata/RHSA-2016:1206
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
https://www.cloudbees.com/jenkins-security-advisory-2016-05-11