Description
The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors.
Remediation
References
Related Vulnerabilities
e107 Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-6434)
WordPress Plugin FormLift for Infusionsoft Web Forms SQL Injection (7.5.17)
WordPress Plugin Polo Video Gallery-Best wordpress video gallery Cross-Site Scripting (1.2)
WordPress Plugin U BuddyPress Forum Attachment 'fileurl' Parameter Remote File Disclosure (1.1.1)
IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-6131)