Description
The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2016-1773.html
https://access.redhat.com/errata/RHSA-2016:1206
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
https://www.cloudbees.com/jenkins-security-advisory-2016-05-11