Description
The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors.
Remediation
References
https://www.cloudbees.com/jenkins-security-advisory-2016-05-11
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
https://access.redhat.com/errata/RHSA-2016:1206
http://rhn.redhat.com/errata/RHSA-2016-1773.html