Description
An exposure of sensitive information vulnerability exists in Jenkins Reverse Proxy Auth Plugin 1.5 and older, in ReverseProxySecurityRealm#authContext, that allows attackers with local file system access to obtain a list of authorities for logged-in users.
Remediation
References
https://jenkins.io/security/advisory/2018-03-26/#SECURITY-736