Description

The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2016-1773.html

https://access.redhat.com/errata/RHSA-2016:1206

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11

https://www.cloudbees.com/jenkins-security-advisory-2016-05-11

Related Vulnerabilities

CVE-2020-11023 Vulnerability in maven package org.webjars:jquery

CVE-2018-1000603 Vulnerability in maven package org.jenkins-ci.plugins:openstack-cloud

CVE-2023-45143 Vulnerability in maven package org.webjars.npm:undici

CVE-2022-28150 Vulnerability in maven package com.synopsys.jenkinsci:ownership

CVE-2020-1942 Vulnerability in maven package org.apache.nifi:nifi-framework-core

Severity

Medium

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Vendor Advisory