Description
The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors.
Remediation
References
https://www.cloudbees.com/jenkins-security-advisory-2016-05-11
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
https://access.redhat.com/errata/RHSA-2016:1206
http://rhn.redhat.com/errata/RHSA-2016-1773.html