Description
An exposure of sensitive information vulnerability exists in Jenkins Reverse Proxy Auth Plugin 1.5 and older, in ReverseProxySecurityRealm#authContext, that allows attackers with local file system access to obtain a list of authorities for logged-in users.
Remediation
References
https://jenkins.io/security/advisory/2018-03-26/#SECURITY-736