Description
Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with read access to obtain sensitive plugin installation information by leveraging missing permissions checks in unspecified XML/JSON API endpoints.