Description

Jenkins Support Core Plugin 2.72 and earlier provides the serialized user authentication as part of the "About user (basic authentication details only)" information, which can include the session ID of the user creating the support bundle in some configurations.

Remediation

References

https://www.jenkins.io/security/advisory/2021-02-24/#SECURITY-2150

Related Vulnerabilities

CVE-2023-46233 Vulnerability in maven package org.webjars.npm:github-com-brix-crypto-js

CVE-2017-5643 Vulnerability in maven package org.apache.camel:camel-core

CVE-2017-17837 Vulnerability in maven package org.apache.deltaspike.modules:deltaspike-jsf-module-impl

CVE-2022-45392 Vulnerability in maven package io.jenkins.plugins:cavisson-ns-nd-integration

CVE-2020-25640 Vulnerability in maven package org.jboss.genericjms:generic-jms-ra-jar

Severity

Medium

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Vendor Advisory