Description
The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2016-1773.html
https://access.redhat.com/errata/RHSA-2016:1206
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
https://www.cloudbees.com/jenkins-security-advisory-2016-05-11
Related Vulnerabilities
CVE-2020-11023 Vulnerability in maven package org.webjars:jquery
CVE-2018-1000603 Vulnerability in maven package org.jenkins-ci.plugins:openstack-cloud
CVE-2023-45143 Vulnerability in maven package org.webjars.npm:undici
CVE-2022-28150 Vulnerability in maven package com.synopsys.jenkinsci:ownership
CVE-2020-1942 Vulnerability in maven package org.apache.nifi:nifi-framework-core