Description

Jenkins Support Core Plugin 2.72 and earlier provides the serialized user authentication as part of the "About user (basic authentication details only)" information, which can include the session ID of the user creating the support bundle in some configurations.

Remediation

References

https://www.jenkins.io/security/advisory/2021-02-24/#SECURITY-2150

Related Vulnerabilities

CVE-2023-25763 Vulnerability in maven package org.jenkins-ci.plugins:email-ext

CVE-2021-3859 Vulnerability in maven package io.undertow:undertow-core

CVE-2018-12542 Vulnerability in maven package io.vertx:vertx-web

CVE-2014-0119 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

CVE-2023-48292 Vulnerability in maven package org.xwiki.contrib:xwiki-application-admintools

Severity

Medium

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Vendor Advisory