Description

The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors.

Remediation

References

CVE-2016-3727

Related Vulnerabilities

Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-37383)

WordPress Plugin Arigato Autoresponder and Newsletter Multiple Vulnerabilities (2.5.1.6)

WordPress Plugin Link Log-external link click monitor SQL Injection (2.0)

WordPress Plugin Quotes and Tips by BestWebSoft Cross-Site Scripting (1.32)

WordPress Plugin Nextend Google Connect Cross-Site Scripting (1.5.0)

Severity

Medium

Classification

CVE-2016-3727 CWE-200 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities