Description
An exposure of sensitive information vulnerability exists in Jenkins Reverse Proxy Auth Plugin 1.5 and older, in ReverseProxySecurityRealm#authContext, that allows attackers with local file system access to obtain a list of authorities for logged-in users.
Remediation
References
https://jenkins.io/security/advisory/2018-03-26/#SECURITY-736